INTELLILINK Web Application Diagnostic Service

IID Award Cybersecurity Customer Satisfaction First Prize 2016

In the cybersecurity customer satisfaction survey "IID Awards 2016", conducted by the network security information site ScanNetSecurity operated by IID, our "Security Diagnostic Service" received first place for overall customer satisfaction.

Web system diagnostic service for e-commerce

Although security measures for operating systems and server applications have been implemented to protect websites, a number of accidents are occurring due to insufficient security measures for web applications.

INTELLILINK Web Application Diagnostic Service proposes a countermeasure policy necessary to implement appropriate management measures for personal and confidential information on websites, and provides advice on improvements.

Main causes leading to security incidents and impact

Websites published on the Internet carry various risks, such as leakage of personal information and confidential information, because they can be accessed unconditionally. This may not only trigger various security incidents, but also affect the social credibility and corporate image of the company.

Example leading to security incidents

Examples of threats and vulnerabilities addressed by Web application diagnosis

Web application systems have various factors and weaknesses that can lead to the leakage of confidential information such as personal data.

Examples of threats

  • Viewing or accessing unauthorized data
  • Leakage of user ID, password, session information, etc.
  • System hijacking due to execution of arbitrary system command
  • Session hijacking due to leakage of session information
  • Loss of credibility due to delays in mail delivery or mail being used as a zombie
  • Alteration or deletion of data in DB

Examples of vulnerabilities

  • Insufficient validity check of parameter values
  • Illegal acquisition of parameter values
  • Web application bugs
  • Cross-site scripting
  • Misuse of the email function
  • Unauthorized access to DB through query statement operations

Web application diagnosis identifies risk of information leakage.

Features of INTELLILINK Web Application Diagnostic Service

Web application diagnostics

  • We inspect problems according to our own inspection items.
  • We perform work mainly by key operations and conduct inspection with a high degree of accuracy.
  • We also use a dedicated scanner for Web application diagnosis to provide highly comprehensive inspections.
  • Based on the inspection results, we report the problem accurately and precisely.

Briefing

  • We determine the safety level of the system as a whole considering the network configuration and system configuration.
  • For each vulnerability, we provide examples of preconditions and attack techniques and determine the degree of risk in the event of damage.
  • We pinpoint problems at the parameter level.
  • We propose countermeasure policy and provide advice on improvements.

Benefits of Web Application Diagnosis

  • The risk of personal information leakage and associated damage can be reduced.
  • By clarifying the extent of impact and the degree of risk from the problem, effective improvements can be carried out by assigning priorities.
  • A precise improvement policy can minimize the time and cost required for improvements.

Flow of INTELLILINK Web Application Diagnostic Service

  • Understanding website structure: Conduct an interview regarding the diagnosis target.
  • Diagnostic work: Conduct accurate and precise diagnosis by using tools, verifying manual operations and source code.
  • Problem analysis: Organize the details of the vulnerabilities found and find out specific problems.
  • Briefing: Explain the contents of the report to the customer. Also, answer any questions that the customer may have.

* This service is registered under the "Information Security Service Standards Examination and Registration System" by the Japan Security Audit Association (JASA), a non-profit organization, which conducts the audit and registration.

* These products or services are only available in Japan.
