Gehirn's vulnerability assessment detects advanced and specialized problems through pseudo-attacks that use the same perspective and methods as an attacker (hacker).
In order to prevent software vulnerabilities from being exploited, it is essential to conduct a "risk assessment," which is similar to a medical checkup for humans, to detect problems, correctly assess the risks, and determine how to deal with the risks.
Gehirn generally performs precise diagnosis manually, with skilled diagnosticians using tools as a supplement when working to detect vulnerabilities.
Compared to cases where tools are mainly used for automatic diagnosis, the detection rate of vulnerabilities in privileges and authentication, which are difficult to detect with tools, is considerably higher. Examples include major vulnerabilities that are revealed by compounding exploits of minor vulnerabilities.
In addition to many graduates of security camp seminars, we have top-class members in Japan and abroad who have won hacking contests and awards, reported vulnerabilities in overseas communities, and won prizes for reporting vulnerabilities.
After the diagnosis is completed, all the diagnosticians gather to review one another's diagnosis results, including those for other cases, so that the results are confirmed by as many experts as possible. All reports are reviewed by each of Gehirn's diagnosticians before they are delivered to the client.
After the diagnosis, Gehirn will conduct re-diagnosis and debriefing sessions, if requested by the customer. If there are any questions or anything remains unclear regarding the contents of the report, the diagnostician will provide additional explanations and support for modifications to make the customer's service safer.
In our web application vulnerability assessment service, our security consultants take the point of view of an attacker and launch a pseudo-attack on the target service in order to discover hidden vulnerabilities.
Smartphone application diagnosis includes analysis of the distributed package files and detection of vulnerabilities in the APIs used by the application.
Platform diagnosis checks for known vulnerabilities and configuration flaws in the services and operating system running on the server to be diagnosed.