Managed Security Review for Web Applications
Info: The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.
This page explains the managed security reviews for web applications provided by Flatt Security. Note that Flatt Security may provide more policies than the ones described here, depending on your support plan.
Info: Managed security reviews for web applications will continue to be expanded, and this page will be updated accordingly. For the latest roadmap regarding the expansion of managed security reviews, please reach out to Flatt Security.
All managed review items
Title | ID in Shisho Cloud |
---|---|
Ensure That the Web Application Has a Proper Access-Control-Allow-Origin Header | decision.api.shisho.dev/v1beta:web_acao |
Ensure that the Web Application Configures a Proper Cache-Control Header | decision.api.shisho.dev/v1beta:web_cache_control |
Ensure that the Web Application Implements Clickjacking Prevention Measures | decision.api.shisho.dev/v1beta:web_click_jacking |
Ensure That the Web Application Has a Proper Content-Type Header | decision.api.shisho.dev/v1beta:web_content_type |
Ensure that the Web Application Has the HttpOnly Attribute Enabled for Cookies | decision.api.shisho.dev/v1beta:web_cookie_httponly |
Ensure that the Web Application Sets the SameSite Attribute for Cookies | decision.api.shisho.dev/v1beta:web_cookie_samesite |
Ensure That the Web Application Uses the Secure Attribute for Cookies | decision.api.shisho.dev/v1beta:web_cookie_secure |
Ensure that the Web Application Sets a Proper Cross-Origin-Opener-Policy Header | decision.api.shisho.dev/v1beta:web_coop |
Ensure that the Web Application Sets a Proper Cross-Origin-Resource-Policy Header | decision.api.shisho.dev/v1beta:web_corp |
Ensure that the Web Application Sets the Content-Security-Policy Header | decision.api.shisho.dev/v1beta:web_csp |
Ensure That the Web Application Fixes Cross-Site WebSocket Hijacking Vulnerability | decision.api.shisho.dev/v1beta:web_cswsh |
Ensure that the Web Application Fixes the Eval Injection Vulnerability | decision.api.shisho.dev/v1beta:web_evali |
Ensure That the Web Application Disables Git Directory Exposure | decision.api.shisho.dev/v1beta:web_exposure_git |
Ensure That the Web Application Disables .htpasswd File Exposure | decision.api.shisho.dev/v1beta:web_exposure_htpasswd |
Ensure That the Web Application Disables Nginx Config File Exposure | decision.api.shisho.dev/v1beta:web_exposure_nginx |
Ensure That the Web Application Disables SVN Directory Exposure | decision.api.shisho.dev/v1beta:web_exposure_svn |
Ensure that the Web Application Fixes Header Injection Vulnerabilities | decision.api.shisho.dev/v1beta:web_headeri |
Ensure That the Web Application Removes Debugging Hints | decision.api.shisho.dev/v1beta:web_hint_debug |
Ensure That the Web Application Disables Directory Listing | decision.api.shisho.dev/v1beta:web_hint_dir_browsing |
Ensure That the Web Application Does Not Expose Raw Error Logs | decision.api.shisho.dev/v1beta:web_hint_error |
Ensure That the Web Application Has Disabled GraphQL Introspection | decision.api.shisho.dev/v1beta:web_hint_gql_introspection |
Ensure That the Web Application Evaluates the Necessity of Using JSO | decision.api.shisho.dev/v1beta:web_hint_jso |
Ensure That the Web Application Evaluates the Necessity of Using Serialized PHP Objects | decision.api.shisho.dev/v1beta:web_hint_php_serialized |
Ensure That the Web Application Avoids Exposure of Server Configuration Information | decision.api.shisho.dev/v1beta:web_hint_server |
Ensure that the Web Application Avoids Information Leakage About Source Code | decision.api.shisho.dev/v1beta:web_hint_src |
Ensure that the Web Application Has HSTS Enabled | decision.api.shisho.dev/v1beta:web_hsts |
Ensure that the Web Application Sets an Appropriate Max-Age for HSTS | decision.api.shisho.dev/v1beta:web_hsts_max_age |
Ensure that the Web Application Enables HSTS includeSubDomains | decision.api.shisho.dev/v1beta:web_hsts_subdomain |
Ensure That the Web Application Fixes HTML Injection Vulnerability | decision.api.shisho.dev/v1beta:web_htmli |
Ensure That the Web Application Fixes Path Traversal Vulnerability | decision.api.shisho.dev/v1beta:web_lfi |
Ensure that the Web Application Does Not Set HSTS in Meta Tags | decision.api.shisho.dev/v1beta:web_meta_hsts |
Ensure that the Web Application Does Not Set X-Frame-Options within Meta Tags | decision.api.shisho.dev/v1beta:web_meta_xfo |
Ensure that the Web Application Fixes the OS Command Injection Vulnerability | decision.api.shisho.dev/v1beta:web_osci |
Ensure that the Web Application Fixes the Open Redirect Vulnerability | decision.api.shisho.dev/v1beta:web_redirect |
Ensure That the Web Application Has a Proper Referrer-Policy Header | decision.api.shisho.dev/v1beta:web_referrer_policy |
Ensure That the Web Application Fixes Remote File Inclusion Vulnerability | decision.api.shisho.dev/v1beta:web_rfi |
Ensure That the Web Application Fixes SQL Injection Vulnerabilities | decision.api.shisho.dev/v1beta:web_sqli |
Ensure that the Web Application Enables Subresource Integrity (SRI) | decision.api.shisho.dev/v1beta:web_sri |
Ensure That the Web Application Fixes Server-Side Request Forgery Vulnerability | decision.api.shisho.dev/v1beta:web_ssrf |
Ensure That the Web Application Fixes Server-Side Template Injection Vulnerabilities | decision.api.shisho.dev/v1beta:web_ssti |
Ensure that the Web Application Enables the X-Content-Type-Options Header | decision.api.shisho.dev/v1beta:web_x_content_type_options |
Ensure that the Web Application Fixes XPath Injection Vulnerability | decision.api.shisho.dev/v1beta:web_xpathi |
Ensure That the Web Application Fixes XSS Vulnerabilities | decision.api.shisho.dev/v1beta:web_xss |
Ensure That the Web Application Fixes XML External Entity Vulnerability | decision.api.shisho.dev/v1beta:web_xxe |