QA SERVICES

SECURITY ASSESSMENT

Human Crest's vulnerability assessment

Features of Human Crest's Vulnerability Assessment

We have collaboration with Ierae Security, a company specialized in vulnerability assessments using the world's leading analysis technology, to provide hybrid security assessment of Android apps, iOS apps, web apps, networks and IoT devices through both manual and tool-based approaches.
By integrating the handling of both product verification and vulnerability assessment, we can collectively manage information and achieving high quality and high levels of security at the same time.

Features of Human Crest's vulnerability assessment

Vulnerability Assessment Service Options

❶ Web app vulnerability assessment

Hybrid assessment of tools and manuals.
High level of reliability and security, backed by the extensive experience of assessing over 5000 apps.

  • Perform assessment of web apps developed in Java, PHP, Perl, Ruby, etc.
  • Perform pseudo attacks over the network(i.e. input illegal values, falsified requests, insert illegal code, etc.), to check for vulnerabilities in design, implementation, logic, etc. that could lead to unauthorized access, info leaks, or service exploits.
  • I/O processing, authentication/authorization, session management, web server configuration, Web 2.0 and more.

❷ iOS & Android app vulnerability assessment

We conduct reverse engineering using advanced analysis techniques to assess both iOS and Android apps.
We can also handle Windows and Mac applications.

    【Android app assessment】
  • Check access restriction for data sharing function, check inter-app communication
  • WebView vulnerabilities
  • Device data protection
  • Obfuscation and stubbing check
    (whether the .NET source code is hidden by the program using Unity)
    【iOS app assessment】
  • Check log output, check inter-app communication
  • WebView vulnerabilities
  • Safeguards against attacks that use iFunbox
  • Obfuscation and stubbing check
    (whether the .NET source code is hidden by the program using Unity)

❸ Network Assessment

While imposing load, as little as possible, on the system in operation, we check the server OS and services, to identify whether risks exist in the assessment target.
We can also provide penetration testing.

  • Assess network-based service servers, such as DNS servers, mail servers and directory servers
  • Assess network devices such as routers, firewalls and VPN devices
  • Penetration testing

【Penetration Testing】
We have added penetration testing in our assessment options, which diagnoses vulnerabilities by executing a simulated cyber attack (equivalent to a hacker attack).
In addition to our existing assessments of networks and web apps, we also offer even more precise assessments of internal and external server vulnerabilities by performing APT attack tests that deploy custom pseudo-malware.

❹ IoT device vulnerability assessment

A manual assessment of IoT device security issues

  • Protocol assessment: Assesses whether it is possible to elicit behaviors that would benefit an attacker by testing abnormal requests according to device-specific protocols, as well as requests that attempt to bypass authorization
  • DoS Testing: Assess whether sending anomalous content and a large amount of requests to a device can hamper its operation
  • Firmware testing: Examine the device's firmware update file and update process to determine whether secret logic and keys can be analyzed and whether unauthorized uploads (such as modified firmware) can be applied
  • Other: Assess whether any attack can exploit the specific characteristics of the device

Process Flow to Assessment

Interview on details of the service or product to be diagnosed

We provide an estimate based on the details and documentation

Service application

After reviewing the estimate, the customer applies for the service

Assessment conducted

Submission of the result report

Report presentation can also be provided as necessary

Submission of report on discovered vulnerabilities and results

Re-assessment

Re-assessments can be conducted as necessary

Service Examples

Service Example ①
Project Pre-release testing and vulnerability assessment of an e-commerce website
Issues and requirements Unauthorized access targeting a framework vulnerability was discovered.
Use the opportunity of a complete e-commerce website overhaul to conduct both pre-release testing and a vulnerability assessment.
Approach Implement work efficiently by scheduling the pre-release testing and vulnerability assessment together
Result We were able to prevent incidents by discovering security vulnerabilities before the overhauled e-commerce website was launched.
As the company has begun an organization-wide focus on security measures, we have been able to prevent security incidents since then.
The company is also creating a set of Vulnerability Assessment Guidelines under supervision of Human Crest.
Service Example ②
Project Rental search engine for a major portal site
Issues and requirements According to the company's internal rules, an assessment is required before every new release.
The existing site is also periodically assessed once or twice a year.
Approach Conduct a hybrid assessment of web apps using both manual and tool-based methods.
Although no major problems have been identified to date, we advise on more secure methods whenever a minor issue is discovered.
Result We were able to support the release of a highly secure and smoothly running website system.
Service Example ③
Project Vulnerability assessment for the campaign website of an advertising and marketing company
Issues and requirements A security incident occurred due to communication being insufficiently encrypted.
Approach Respond immediately and conduct a security assessment
Result Within a short period of time, we were able to provide a detailed report, making it possible to improve security.
Service Example ④
Project Security assessments and quality verification of each service of a company that undertakes multiple projects
Issues and requirements Conduct a pre-release verification and security assessment for multiple projects at once
Approach Work efficiently by organizing schedules for multiple projects
Result By handling the testing process and security assessment at the same time, we are able to achieve high levels of security and reliability, while improving quality and reducing costs.
Service Example ⑤
Project IoT product verification and vulnerability assessment
Issues and requirements Ensuring a safer and more secure system for the products, for which hacking prevention is essential as the number of users expands.
Approach Verify and assess both the product itself and the web. Assess the equipment manually by dismantling it.
Carry out verification and assessment in parallel, and repeat the process if any problem is found.
Result By repeating the process of verification and assessment and executing all the work collectively, we are able to improve efficiency and reduce cost.

Innovation, Study & Humanity

Human Crest — we will deal with humanity to help you create software quality one step ahead.

Human Crest Group

Inquiry