What Can Vulnerability Assessment Do?
Vulnerability assessment is a process of identifying, quantifying, and prioritizing vulnerabilities in a system. It is a crucial step in ensuring the security of a system. A vulnerability assessment can be performed manually or using automated tools.
Arrangility collaborates with GMO Cybersecurity by Ierae, Inc., a company that specializes in vulnerability assessments using the world's leading analysis technology, to provide hybrid security assessment of Android apps, iOS apps, web apps, networks and IoT devices through both manual and tool-based approaches. By integrating product verification and vulnerability assessment, we can collectively manage information and achieve high quality and high levels of security at the same time.
Highly reliable security
Identifying and fixing vulnerabilities can reduce the risk of attacks and protect your service from potential threats.
Improve Operational Efficiency
Managing verification and diagnosis schedules in one place can reduce time, giving you more time to handle profitable business needs and processes.
Integrating the product verification and vulnerability assessment processes can significantly reduce cost.
Web app vulnerability assessment
A hybrid assessment combining tool-based and manual testing. High level of reliability and security, backed by extensive experience of assessing over 5000 apps.
- Perform assessment of web apps developed in Java, PHP, Perl, Ruby, etc.
- Perform pseudo attacks over the network (e.g. inputting illegal values, falsifying requests, inserting illegal code, etc.) to check for vulnerabilities in design, implementation, logic, etc. that could lead to unauthorized access, info leaks, or service exploits.
- Cover I/O processing, authentication/authorization, session management, web server configuration, Web 2.0 and more.
iOS & Android app vulnerability assessment
Conduct reverse engineering using advanced analysis techniques to assess both iOS and Android apps. Windows and Mac applications are also supported.
【Android app assessment】
- Check access restriction for data sharing function, check inter-app communication
- WebView vulnerabilities
- Device data protection
- Obfuscation and stubbing check (whether the .NET source code is hidden by the program using Unity)
【iOS app assessment】
- Check log output, check inter-app communication
- WebView vulnerabilities
- Safeguards against attacks that use iFunbox
- Obfuscation and stubbing check (whether the .NET source code is hidden by the program using Unity)
Check the server OS and services while imposing as little load as possible on the system in operation, to identify any risks that may exist in the assessment target. Penetration testing is also available.
- Assess network-based service servers, such as DNS servers, mail servers and directory servers
- Assess network devices such as routers, firewalls and VPN devices
- Penetration testing
IoT device vulnerability assessment
Manual assessment for IoT device security issues
- Protocol assessment: Assess whether it is possible to elicit behaviors that would benefit an attacker by testing abnormal requests according to device-specific protocols, as well as requests that attempt to bypass authorization
- DoS Testing: Assess whether sending anomalous content and a large amount of requests to a device can hamper its operation
- Firmware testing: Examine the device's firmware update file and update process to determine whether secret logic and keys can be analyzed and whether unauthorized uploads (such as modified firmware) can be applied
- Other: Assess whether any attack can exploit the specific characteristics of the device