Managed Security Review for Web Applications

info

The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.

This page explains the managed security reviews for web applications provided by Flatt Security. Note that Flatt Security may provide more policies than the ones described here, depending on your support plan.

info

Managed security reviews for web applications will continue to be expanded, and this page will be updated accordingly. For the latest roadmap regarding the expansion of managed security reviews, please reach out to Flatt Security.

All managed review items

| Title | ID in Shisho Cloud |
| --- | --- |
| Ensure That the Web Application Has a Proper Access-Control-Allow-Origin Header | decision.api.shisho.dev/v1beta:web_acao |
| Ensure that the Web Application Configures a Proper Cache-Control Header | decision.api.shisho.dev/v1beta:web_cache_control |
| Ensure that the Web Application Implements Clickjacking Prevention Measures | decision.api.shisho.dev/v1beta:web_click_jacking |
| Ensure That the Web Application Has a Proper Content-Type Header | decision.api.shisho.dev/v1beta:web_content_type |
| Ensure that the Web Application Has the HttpOnly Attribute Enabled for Cookies | decision.api.shisho.dev/v1beta:web_cookie_httponly |
| Ensure that the Web Application Sets the SameSite Attribute for Cookies | decision.api.shisho.dev/v1beta:web_cookie_samesite |
| Ensure That the Web Application Uses the Secure Attribute for Cookies | decision.api.shisho.dev/v1beta:web_cookie_secure |
| Ensure that the Web Application Sets a Proper Cross-Origin-Opener-Policy Header | decision.api.shisho.dev/v1beta:web_coop |
| Ensure that the Web Application Sets a Proper Cross-Origin-Resource-Policy Header | decision.api.shisho.dev/v1beta:web_corp |
| Ensure that the Web Application Sets the Content-Security-Policy Header | decision.api.shisho.dev/v1beta:web_csp |
| Ensure that the Web Application Fixes the Eval Injection Vulnerability | decision.api.shisho.dev/v1beta:web_evali |
| Ensure that the Web Application Fixes Header Injection Vulnerabilities | decision.api.shisho.dev/v1beta:web_headeri |
| Ensure That the Web Application Removes Debugging Hints | decision.api.shisho.dev/v1beta:web_hint_debug |
| Ensure That the Web Application Disables Directory Listing | decision.api.shisho.dev/v1beta:web_hint_dir_browsing |
| Ensure That the Web Application Does Not Expose Raw Error Logs | decision.api.shisho.dev/v1beta:web_hint_error |
| Ensure That the Web Application Has Disabled GraphQL Introspection | decision.api.shisho.dev/v1beta:web_hint_gql_introspection |
| Ensure That the Web Application Evaluates the Necessity of Using JSO | decision.api.shisho.dev/v1beta:web_hint_jso |
| Ensure That the Web Application Avoids Exposure of Server Configuration Information | decision.api.shisho.dev/v1beta:web_hint_server |
| Ensure that the Web Application Avoids Information Leakage About Source Code | decision.api.shisho.dev/v1beta:web_hint_src |
| Ensure that the Web Application Has HSTS Enabled | decision.api.shisho.dev/v1beta:web_hsts |
| Ensure that the Web Application Sets an Appropriate Max-Age for HSTS | decision.api.shisho.dev/v1beta:web_hsts_max_age |
| Ensure that the Web Application Enables HSTS includeSubDomains | decision.api.shisho.dev/v1beta:web_hsts_subdomain |
| Ensure That the Web Application Fixes HTML Injection Vulnerability | decision.api.shisho.dev/v1beta:web_htmli |
| Ensure That the Web Application Fixes Path Traversal Vulnerability | decision.api.shisho.dev/v1beta:web_lfi |
| Ensure that the Web Application Does Not Set HSTS in Meta Tags | decision.api.shisho.dev/v1beta:web_meta_hsts |
| Ensure that the Web Application Does Not Set X-Frame-Options within Meta Tags | decision.api.shisho.dev/v1beta:web_meta_xfo |
| Ensure that the Web Application Fixes the OS Command Injection Vulnerability | decision.api.shisho.dev/v1beta:web_osci |
| Ensure that the Web Application Fixes the Open Redirect Vulnerability | decision.api.shisho.dev/v1beta:web_redirect |
| Ensure That the Web Application Has a Proper Referrer-Policy Header | decision.api.shisho.dev/v1beta:web_referrer_policy |
| Ensure That the Web Application Fixes SQL Injection Vulnerabilities | decision.api.shisho.dev/v1beta:web_sqli |
| Ensure That the Web Application Fixes Server-Side Request Forgery Vulnerability | decision.api.shisho.dev/v1beta:web_ssrf |
| Ensure That the Web Application Fixes Server-Side Template Injection Vulnerabilities | decision.api.shisho.dev/v1beta:web_ssti |
| Ensure that the Web Application Enables the X-Content-Type-Options Header | decision.api.shisho.dev/v1beta:web_x_content_type_options |
| Ensure that the Web Application Fixes XPath Injection Vulnerability | decision.api.shisho.dev/v1beta:web_xpathi |
| Ensure That the Web Application Fixes XSS Vulnerabilities | decision.api.shisho.dev/v1beta:web_xss |
| Ensure That the Web Application Fixes XML External Entity Vulnerability | decision.api.shisho.dev/v1beta:web_xxe |