To comply with the Policy on Minimum Security Standard for Web Applications, ITSC has set up a Web Application Vulnerability Assessment service for departments. This service is especially useful for colleagues during the development cycle, or when testing open-source applications and applications developed by third parties. The assessment acts as an attacker would: it probes your application for possible security vulnerabilities and attempts to exploit them using common attack techniques such as cross-site scripting and SQL injection, as listed in the Open Web Application Security Project (OWASP) Top Ten. A comprehensive assessment report is then produced for you, with suggestions on how to fix the vulnerabilities found. A sample report is also available.
The web application must pass this web application vulnerability assessment before its production launch and again after any major change to the application. The assessment is successful only if NO critical vulnerabilities are found.
| Service details | |
|---|---|
| Eligible users | Departments |
| Charge | Free; application required through email infosec@cuhk.edu.hk |
| Service hours | Office hours |
| Contact | Email: infosec@cuhk.edu.hk |
Upon receipt of all the required information from the Application Form for Web Application Vulnerability Assessment, the assessment will be started as soon as possible, subject to scanner availability.
The duration of the assessment depends on different factors:
Please note that if the application has multiple user roles, the scan tasks for the different roles cannot be run concurrently, since concurrent scanning usually degrades the performance of the web server being scanned.
If any critical vulnerability is found in an assessment, it has to be fixed and a reassessment scheduled; this is repeated until no critical vulnerability is found.
The scanners used for the web application assessment actively attack your application, which could damage the files and/or database of the application. So please ensure the following before the scan task can be started: