Web Application Security Diagnostics

Investigate and take measures against website and web application vulnerabilities

Service Overview

Attacks targeting vulnerabilities inherent in web applications and incidents of personal and other critical information leaks are on the rise.

Infosec's Web Application Security Diagnostics is a service that exposes vulnerabilities and proposes the necessary measures for problems inherent in web applications.

The following services make up Web Application Security Diagnostics.

Professional Service

Through manual diagnostics, an expert in the field comprehensively exposes vulnerabilities across all categories.

Our Professional Service lets you determine with high accuracy whether exposed vulnerabilities could be used for spoofing, privilege escalation and other attacks, and it uncovers problems caused by deficiencies in application logic.

The Professional Service is optimal for customers who want to perform a thorough check on web applications that control important sensitive information or whose outage would have a significant impact on the business.

Standard Service

Relying primarily on tool diagnostics, this service exposes the vulnerabilities most often detected, such as SQL injection and cross-site scripting. In addition, manual diagnostics by experts expose vulnerabilities in authentication functions and session management that tools do not detect.

The Standard Service is optimal for customers who want to ensure that the vulnerabilities most often detected in personal information entry do not exist in their web applications.

Features

In Infosec's "Web Application Security Diagnostics", experts with a wide range of diagnostic experience, including government and mega-bank financial applications, EC sites, business applications, and membership sites, carry out a pseudo attack from an attacker's perspective. The pseudo attack exposes any vulnerabilities and problems inherent in the web application. (*1)

We report the detected vulnerabilities and the necessary countermeasures, based on the characteristics of the web application.

(*1) According to the results of our web application security diagnostics service performed from April 2012 to March 2014, we detected high-risk vulnerabilities in more than 90% of the websites diagnosed.

Performing Web Application Security Diagnostics enables you to clarify points such as the following:

  • Whether you can access information in a database
  • Whether spoofing allows access without authorization
  • Whether a general user can elevate privileges
  • Whether a possibility of information leak exists
  • Whether it is possible to make changes to a webpage or lead users to malicious sites
  • Whether a website can be exploited as a springboard for phishing attacks

[Environment]

Two types of service are available: remote diagnostics via the Internet, or on-site diagnostics performed during a visit to a customer's office (including data centers and other facilities).

Examples of diagnostic environment
