Gehirn's vulnerability assessment specializes in both automated detection and manual 'developer's perspective' assessment.
In conducting risk assessment, you can rely on Gehirn's Vulnerability Assessment*, which uses expert knowledge to find problems in the system and report the risks.
* A vulnerability in software is "an implementation or specification problem (exploitable bug) that can be used by a third party who is not an authorized administrator or user to hijack the system or acquire confidential information."
We discover advanced and specialized problems through pseudo-attacks using the same point of view and methods as the attackers (hackers). When we report the problems we find, we provide detailed and easy-to-understand explanations so that developers can understand them as well.
In addition to reporting the problem, we can also suggest ways to fix the problem using our knowledge as experienced software developers.
Vulnerability assessments can be roughly divided into automatic assessments using tools and manual assessments by assessors. At Gehirn, we use automated tool-based assessments only as a supplement, as we primarily conduct manual assessment. Gehirn specializes in diagnosis from the perspective of a developer, including "potential issues" and "future development advice" that cannot be detected or provided by tools alone.
The scope will be selected and diagnosed according to your budget. If any problems (vulnerabilities) are found, you'll be able to fix them before release.
We'll make a comprehensive diagnosis of the entire service, including confirming the absence of any problems, similar to a medical checkup for us humans.
Wherever you've prepared your development environment (test environment), we will diagnose the problem from our office via the Internet.
We can diagnose the problem from the customer's specified location. This is recommended when you want to get the diagnosis results close to the actual usage conditions.
* Please apply well in advance, taking into account the revision period.
Please feel free to contact us for a quote or to request a sample diagnosis. A representative will contact you as soon as they can.
"When I was a high school student, I came across a vulnerability in my favorite service by accident. Since then, I'm continually shocked by the fact that vulnerabilities are so common all around us. I've been discovering and reporting various vulnerabilities through the vulnerability reporting system and bug bounty system, ever since."
He's been in charge of analysis and security assessments at Gehirn since 2013, and has analyzed hundreds of systems. He's reported thousands of vulnerabilities and has participated in the Security & Programming Camp 2010 Web Security group. In addition, he has won prizes in vulnerability discovery contests and has spoken at security-related events.
He is a graduate of Security Camp 2012 Software Course, specializing in web application vulnerability assessment and has reported many vulnerabilities of domestic and international websites as a bug hunter.
He completed the Web Security Class at the Security Camp National Conference 2014. Since then, he has participated as a tutor in regional and national conferences of the same event. He enjoys researching and finding vulnerabilities in browsers and web applications.
He also participates in the Vulnerability Bounty Program, receiving bounties from Mozilla Firefox and other web applications that have domestic and international vulnerability bounty programs.
He became interested in information security after his home PC was hacked when he was in the sixth grade. After coming to Japan, he started bug hunting in 2010 to earn a living, and has reported more than 100 vulnerabilities in the services of major Chinese companies. In his spare time, he not only participates in XSS Challenges, but also creates and contributes to the challenges.
We audited the web portion of the DRM system, reported vulnerabilities in the pre-release verification phase, and completed the correction process before the launch of the service. The number of users is over 1 million in Japan.
Roughly 300 pages
About 4 weeks
Continuing from the time of the release, regular checkups are conducted every six months, focusing on the main areas of change. The scale of membership is tens of millions in Japan.
Roughly 50 pages
About 1 week
Conducted diagnostics of IoT home appliances and their control smartphone apps. We support the development of product services from the perspective of preventing unauthorized access/operation.
Roughly 30 APIs, Smartphone Application
About 2 weeks
Our web application vulnerability assessment has our security consultants take the point of view of an attacker to launch a pseudo-attack on the target service in order to discover hidden vulnerabilities.
Smartphone application diagnosis includes analysis of the distributed package files and detection of vulnerabilities in the APIs used by the application.
Platform diagnosis checks for known vulnerabilities and configuration flaws in the services and operating system running on the server to be diagnosed.
If you have any questions about Gehirn's vulnerability analysis or disaster prevention information distribution system, feel free to contact us via the form below. One of our representatives will respond as soon as they can.