# Weixin Mini Program Vulnerability Scanning
# I. Introduction to Weixin Mini Program Vulnerability Scanning
To strengthen the ecosystem security of the WeChat open platform and address security issues that arise during Weixin Mini Program development, such as sensitive data tampering, leakage of database information, and web attacks, the platform provides vulnerability scanning capabilities to developers. These help developers and operators discover back-end interface vulnerabilities and give corresponding remediation guidance. A further basic solution will be provided in the future so that developers can identify vulnerabilities in a timely manner and fix them quickly.
# II. Major Vulnerability Risks Facing Weixin Mini Programs
Weixin Mini Program web servers face many risks, such as SQL injection, XSS, and sensitive information disclosure. To address these existing Mini Program vulnerability risks, the WeChat open platform offers a vulnerability scanning product that combines web server vulnerability detection and sensitive information detection in one.
# III. Weixin Mini Program Vulnerability Scanning Core Capabilities
Weixin Mini Program vulnerability scanning automatically scans for web attack methods such as SQL injection, XSS, information leakage, and directory traversal, performs security detection on small business CGIs and web frameworks, and provides a holistic automated vulnerability detection tool.
# IV. Product advantages
# 1. Provided by the Official Security Team
Provided by the WeChat open platform's official security testing team, which has real-world experience.
# 2. Comprehensive Scanning, Multidimensional Monitoring
Covers 50 vulnerability detection items, including all types of common Weixin Mini Program vulnerabilities.
# 3. Secure and Convenient, No Development Required
Provides two entry points, the developer tools and the Weixin Mini Program background, and is easy to use.
# V. The usage process
# 1. WeChat Developer Tools
Open the request page: After WeChat Developer Tools compiles the Weixin Mini Program, go to Debugger -> Vulnerability and open [Domain name acquisition].
Get and scan the domain name: Click through the different paths on the Weixin Mini Program preview page on the left to get the domain name. Check the domain name under [to-scan domain name] on the right, click the scan button above, and wait for the scan to complete. Note: The login status may expire, in which case it needs to be reauthorized.
See the scan results: After the domain name scan is completed, the scan results appear below the scan box. A domain name marked with a red exclamation mark has a vulnerability. Click that domain name to view the vulnerability's risk level, type, risk description, repair advice, and other details; you can follow the advice to investigate the vulnerability and improve the security of the Weixin Mini Program. No mark means no risk.
# 2. Weixin Mini Program Background
Request step: Log in to Weixin Mini Program, go to Development → Development Management → Security Center → Interface Security Scan, click Start Scan, then get parameters and scan. Make sure the Mini Program server resources are ready before the scan starts.
Get parameters: You can obtain them automatically or fill them in manually. The automatic option lets you choose to obtain parameters from the online version and the experience version. To fill them in manually, select the request method and fill in the URL, query, and header information, then start scanning once the parameters are complete.
Report viewing: When the scan is completed, you can view the scan report or notify the center.