We are in charge of security consulting agreement related to IT, and consulting of development project unit
In the present IT society, in doing countermeasures for security risks that occur daily, it is necessary to have a professional knowledge regarding cyber security.
Hiroshi Tokumaru, the leading web security expert, leads the group of professional in our company.
Based on the abundant achievements, it is possible to support countermeasures based on the latest trends in security.
Consulting Agreement for Necessary Security Risks in Management Decision
We give advice based on professional knowledge regarding cyber security countermeasures and security strategy planning, security incident, etc. Members led by the IPA’s (Information-Technology Promotion Agency) part-time researcher, Hiroshi Tokumaru, conduct consulting as advisors.
This is the most suitable consultation destination in case when “there are no security specialists within the company” or “there are no personnels who are technically knowledgeable within the company”.
Consulting about Requirements Definition of Web Application Development, etc.
We conduct consultation about security requirements when outsourcing web application and web site development tasks. We improve security level by clarifying the scope of the responsibility of the outsourcing company and by standardizing the security countermeasures of the production company through “creation of grand design of security policy”, “inspection of security specifications attached in RFP (Request for Proposals)”, and “advice on acceptance method”.
Manually and accurately checking security holes
This company offers a service that extracts vulnerability hidden in web applications under the supervision of the leading web security expert, Hiroshi Tokumaru. In addition to the diagnosis covering “Learn Systematically How to Make a Secure Web Application” supported by many web professionals and the industry standard guideline, “OWASP TOP10 (2017 edition)”, we can give a report that includes not only the result but also a modification method proposal by doing manual inspection performed by technical experts with development experience.
Profile of Mr. Hiroshi Tokumaru:
After joining Kyocera Corp. in 1985, he engaged in software development and planning. In 1999, he became interested in Web Application Security, inspired by the method design of authetication billing basis for mobile phones. In the year 2004, he commercialized the same field, and independently established HASH Consulting Inc. (Currently: EG Secure Solutions Inc.) in 2008. While doing vulnerability examination and consulting work, he is conducting security awareness program through blogs and workshops.
Business Flow Chart
It is a basic examination that detects vulnerability by comprehensive examination while operating the web application to be examined. items to be emanined cover “OWASP TOP 10 (2017 edition)” and “How to Make a Safe Website”.
It is an examination which examines in more details. Since it checks specifications up to source codes, it can find the vulnerability of systems undetective on the surface, etc. It also covers items added in “OWASP Top 10” (2017 edition).
Examination of Web Health
A simple examination based on the specification worked out by the municipality security department of the local municipality Inforaiton Center. Speaking of simplified examination, in general, there are many cases that only a few basic components to be examined are included. However, Web Health Examination conducts an extensive investigation which covers 13 components
Comprehensively checks issues on security. Technical experts with development experience diagnose vulnerability.
Due to the rapid increase of smartphone applications, insufficiency on know-how about security on the development side, etc., there are many cases where applications are released without adequate security measures and there are concerns about the occurence of serious incidents.
In this company, we take advantage of our extensive experience in vulnerability examination in web applications, with companies developing EC, games, financial-related smartphone applications, etc. as our target, our technical experts with development experience comprehensively checks security issues such as data protection, encryption, etc.
Business Flow Chart
Strengths and Points of Services
1. Examination Method that will make Fundamental Measures of Vulnerability Possible
We can give timely and reasonable correspondence to the needs of all Web operators in the country by doing remote examination via internet. On-site examination is also possible depending on the demand.
Starting from API examination through blackbox test, we implement “static response analysis”, where technical experts with experience in application development visually examine source code, “dynamic response analysis”, where we execute program on the dedicated PC and investigate inappropriate operation, and examination from various aspects.
2. Freely use professional knowledge and comprehensively check issues on security
In this company’s vulnerability examination, we perform comprehensive checks based on wide range of examination items ranging from data protection to encryption, authentication and session management, network communication, program code, reverse engineering, platform API, and server API. We constantly review examination items so that we can deal with new security threats that are occured everyday. Aside from development language for Android, we also support examination on iOS development language, examination of source code, and examination on third party environments such as Unity.
Prepares appropriate security training for regular employees, personnels in charge on WEB, and engineers
In the company, we conducted a training supervised by Hiroshi Tokumaru, the leading expert in the field of Web Security. As per your request, we prepare the contents of the training from basic courses about the do’s and dont’s in work such as password management, up to the practical training for engineers as well as how to pin down the vulnerability trend for the Web support staff.
Strengths and Points of Services
1. Security Course for General Employees and Web Personnels Where Everyone Will Learn from the Basics
We prepare “Information Security Literacy Course” for general employees such as software update, password management method, etc., and “Security Course for Web Personnels” where they will learn vulnerability trends that they have to understand and corresponding method. It is also possible to customize according to your company’s request.
2. Practical training for web developers in accordance to the curriculum supervised by Hiroshi Tokumaru, the leading person of web security field.
Our security training is based on “体系的に学ぶ安全なWebアプリケーションの作り方 脆弱性が生まれる原理と対策の実践(Eng: Leaning systematically how to make safe web applications -the mechanism of birth of security hole and its prevention)” also known between developers as “Tokumaru Book”. The training is conducted in accordance to the curriculum made by the author of the book Hiroshi Tokumaru.For example, by using ” application for seminar” includes brittleness noted in “web health assessment”, we can provide seminar nearer to actual situation, and explanation of hand diagnose tool, diagnose method, knowledge against brittleness, also we can respond to high level education to make their own brittleness diagnose.
Thank you for visiting our website. Please complete the form below, so we can provide quick and efficient service.
(02) 8478-7693 or (02) 8478-7674