INTELLILINK Web Application Diagnostic Service
In the cybersecurity customer satisfaction survey "IID Awards 2016", conducted by the network security information site ScanNetSecurity, which is operated by IID, our "Security Diagnostic Service" received first place for overall customer satisfaction.
Web system diagnostic service for e-commerce
Although security measures for operating systems and server applications have been implemented to protect websites, a number of accidents are occurring due to insufficient security measures for web applications.
INTELLILINK Web Application Diagnostic Service proposes a countermeasure policy necessary to implement appropriate management measures for personal and confidential information on websites, and provides advice on improvements.
Main causes leading to security incidents and impact
Websites published on the Internet carry various risks, such as leakage of personal information and confidential information, because they can be accessed unconditionally. This may not only trigger various security incidents, but also affect the social credibility and corporate image of the company.
Examples of threats and vulnerabilities addressed by Web application diagnosis
Web application systems have various factors and weaknesses that can lead to the leakage of confidential information such as personal data.
Examples of threats
- Viewing or accessing unauthorized data
- Leakage of user ID, password, session information, etc.
- System hijacking due to execution of arbitrary system commands
- Session hijacking due to leakage of session information
- Loss of credibility due to delays in mail delivery or mail being used as a zombie
- Alteration or deletion of data in the DB
Examples of vulnerabilities
- Insufficient validity check of parameter values
- Illegal acquisition of parameter values
- Web application bugs
- Cross-site scripting
- Misuse of the email function
- Unauthorized access to the DB through query statement operations
Web application diagnosis identifies the risk of information leakage.
Features of INTELLILINK Web Application Diagnostic Service
Web application diagnostics
- We inspect problems according to our own inspection items.
- We perform work mainly by key operations and conduct inspection with a high degree of accuracy.
- We also use a dedicated scanner for Web application diagnosis to provide highly comprehensive inspections.
- Based on the inspection results, we report the problem accurately and precisely.
Briefing
- We determine the safety level of the system as a whole considering the network configuration and system configuration.
- For each vulnerability, we provide examples of preconditions and attack techniques and determine the degree of risk in the event of damage.
- We pinpoint problems at the parameter level.
- We propose a countermeasure policy and provide advice on improvements.
Benefits of Web Application Diagnosis
- The risk of personal information leakage and associated damage can be reduced.
- By clarifying the extent of impact and the degree of risk from the problem, effective improvements can be carried out by assigning priorities.
- A precise improvement policy can minimize the time and cost required for improvements.
Flow of INTELLILINK Web Application Diagnostic Service
Understanding website structure | Diagnostic work | Problem analysis | Briefing |
---|---|---|---|
Conduct an interview regarding the diagnosis target. | Conduct accurate and precise diagnosis by using tools, verifying manual operations and source code. | Organize the details of the vulnerabilities found and find out specific problems. | Explain the contents of the report to the customer. Also, answer any questions that the customer may have. |
*This service is registered under the "Information Security Service Standards Examination and Registration System" by the Japan Security Audit Association (JASA), a non-profit organization, which conducts the audit and registration.