Advanced Vulnerability Diagnostics: Expert-led deep analysys and high-fidelity reporting.
Security Plus
Security Assessment Service:
Web ApplicationAssessment
Recommended for
- Pre-launch Checks: Those who need to perform a security check on web services or web applications under development before delivery or go-live, or who have been asked to do so
- Expert Advice: Those who want to a professional engineer’s opinion to understand current security risks
- Handling Personal Data: Those who operate web services that handle personal information (such as e-commerce sites or social networking services)
- Public Websites: Those who operate websites accessible by an unspecified number of users
In today’s society, the connection between organizations, their information assets, and the internet is becoming increasingly close.
However, cyberattacks that target vulnerabilities in web applications are frequently occurring, and there is no sign of them slowing down.
“Vulnerabilities” refers to a security flaw within software. In our fast paced world, security considerations often end up being deprioritized due to factors such as budget, deadlines, and the need to implement desired functionality. In fact, reports indicate that web application–related issues account for the majority of reported vulnerabilities, and measures against vulnerabilities in software—and especially web applications—are becoming essential as a line of defense against cyberattacks.
However, even though countermeasures against vulnerabilities are necessary, it is not advisable to deploy security products blindly. We recommend first performing a web application vulnerability assessment to accurately understand your current situation and take the most appropriate steps.
In Asgent’s Web Application Assessment Service, our highly experienced security specialists examine and identify vulnerabilities hidden in your web applications.
After the inspection, we provide a detailed yet easy – to – understand report and hold a briefingsession, we will explain the findings and propose specific measures for you to take moving forward.
For vulnerability assessments regardiing server infrastructure or networks, please refer to our “Security Plus Platform Assessment Service.”
Asgent’s Managed Security Service is officially registered on the “List of Services Conforming to the Information Security Service Standards” as a service that conforms to the “Information Security Service Standards” established by the Ministry of Economy, Trade and Industry (METI).
Features
-
Inspection and Reporting by Specialists
Our engineers, who have extensive experience in vulnerability assessments, can detect issues that automated scanning tools often miss. We provide detailed, easy-to-understand reports that include countermeasures tailored to the characteristics of your website. -
Re-Assessment Service and 30-day Q&A support
After you have implemented fixes for the identified vulnerabilities, we offer a re-assessment service to confirm that the issues have been fully resolved (optional). In addition, we provide 30 days Q&A support after the delivery of the report. This allows you to improve your security level while resolving any technical concerns related to security measures that require experience and expertise. -
Support for Both Onsite and R-emote Assessments
While our Web Application Assessment Service is typically performed remotely, we can also visit your specified location to conduct the assessment on-site if required.
Service Benefits
- Optimize Cost and Timeline: With accurate diagnostics from our security specialists, you can optimize the time and cost required for security measures.
- Reduce Risk of Data Leaks: Lower the risk of personal information leaks and the associated costs, such as legal damages.
- Enhance Reliability and Trust: By accurately assessing the safety of your website, you can increase your credibility as an operator.
- Objective Third-Party Assessment: Feedback from an independent third party provides an objective persopective, which is also effectively in external audit reports
Voices of Customers
Scope of Assessment
Service Flow
Service Details
Below are some of the assessment items. Please contact us for more details.
| Service Items | Contents | |
| Main Assessment Items | Cross-Site Scripting | We check for risks that malicious scripts could be executed via your web application. |
|---|---|---|
| Cross-Site Request Forgery | We check for risk where authorized actions or posts could be performed on another website without the user’s intent. | |
| SQL Injection | We check for risks where OS commands on the web server could be executed illegally from an external source. | |
| OS Command Injection | We check for risks where OS commands on the web server could be executed illegally from the outside. | |
| Directory Traversal | We check for risks where OS commands on the web server could be executed illegally from the outside. | |
| Forced Browsing | We check if content that is not intended for the public cloud be used or accessed illegally. | |
| Insufficient Authentication/Access Control | We verify if it is possible to access restricted content without completing a proper login process. | |
Reports
The report produced because of the assessment is a critical element for confirming the identified issues.
Asgent’s reports consist of two parts: a “Summary” section for administrators, and a “Vulnerability Details” section for engineers responsible for remediation. This structure allows each stakeholder to use the report according to their role and has been well received for its clarity.
