The application health check scan thoroughly examines applications for potential security risks and vulnerabilities. Upon completion of the scan, the results of the identified issues assist developers to pinpoint what they need to fix first.
• Acunetix: In dynamic analysis, assess applications for common vulnerabilities such as SQL Injections, Cross-site Scripting (XSS) and vulnerable components due to insecure coding or misconfiguration
• Coverity: In static analysis, identify source code deficiencies and vulnerabilities, such as resource leaks, dereferences of NULL pointers, and hardcoded credentials due to careless coding
Free
Office Hours
Acunetix Scanning
This is a self-help service. There are two kinds of arrangements: scanning in a sandbox environment or on a live website. Since Acunetix scanning may be potentially intrusive, we recommend scanning in a sandbox environment if possible. For details, please refer to the Application Health-check Scanning Manual - Acunetix in the link below for details to get started.
Remediation requirements
- High vulnerability must be fixed within 28 days.
- Medium vulnerability must be reviewed. Application administrator should evaluate if fix need to be applied by considering the risk associated.
Coverity Scanning
Please send an email to webscan@ust.hk to request a scan and attach the source code zip file. We will notify you once the scan is complete and you can log in to the Coverity web portal to view the results. Please refer to the Application Health-check Scanning Manual - Coverity in the link below for details to get started.
Remediation requirements
- High vulnerability must be fixed within 28 days.
- Medium vulnerability must be fixed within 56 days.
For assistance, please contact us at webscan@ust.hk
Please visit the following links to learn more about application security information or services.