Flatt Security Co., Ltd. Responding to web service development trends, launching a new menu for security diagnosis, “SPA diagnosis”

Diagnose the web service front end in a white box format to investigate and verify security risks

Flatt Security Co., Ltd. (President: Yasutaka Ide; hereinafter referred to as Flatt Security), which develops cyber security-related businesses for product development organizations, is pleased to announce that “SPA Diagnosis” (URL: https://flatt.tech/assessment/spa), a service that investigates and verifies security risks (vulnerabilities), will be available from today, Wednesday, November 16th.
“SPA Diagnosis” is a “white box format” diagnosis menu in which security engineers check for vulnerabilities by investigating and verifying the SPA source code, specifications, and design documents. It is possible to detect vulnerabilities that are difficult to discover with “black box style” diagnostics, in which security engineers conduct simulated attacks from the standpoint of outside the development organization to investigate vulnerabilities.
By using it in combination with the security diagnosis menu “Web application diagnosis”, it is possible to investigate and verify security risks along with the server side that functions as the back end of the service.
■What is SPA?
A SPA (Single Page Application) is an architecture that delivers diverse and rich content at high speed within a single web browser page, without page transitions. Whereas the earlier multi-page model (MPA) required a page load for every change of content, a SPA can present many different views on one page without reloading it. Because web services built as SPAs are easy to improve in terms of UI and UX, the approach has become a trend in recent web service development.
■ Background of the start of provision
Cyber-attacks targeting vulnerabilities in web services continue to rise, and the sophistication of methods and the diversification of attack targets have accelerated in recent years.
In addition, with the advent of SPAs, the range of functions that can be realized on the front end of web services has expanded, and front-end vulnerabilities have diversified accordingly; addressing them has become essential.
Flatt Security has long supported the security measures of web service development organizations by providing “Web Application Diagnosis”, which investigates the security risks of both the front end and the back end of web services in a black box format. We have now decided to additionally provide “SPA Diagnosis”, which specializes in SPAs, the current trend in web service development, and performs advanced vulnerability detection, in order to realize more secure web service development.
■ Overview of “SPA Diagnosis” (URL: https://flatt.tech/assessment/spa)
Diagnoses the front end of a web service that implements a SPA in a white box format. Flatt Security’s security engineers read and check the front-end source code of the web service under diagnosis to verify and investigate vulnerabilities. Compared with black box security diagnosis, vulnerabilities can be identified more comprehensively, and the major feature is that advanced vulnerabilities that were difficult to discover in a black box format can also be detected.
-Diagnostic perspective (example)-
DOM-based XSS: a vulnerability in which a malicious script injected from outside is executed because the SPA’s JavaScript does not properly handle user-supplied values before placing them in the DOM.
CSS injection: a vulnerability in which data inside the HTML is leaked by injecting a style sheet or
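The DOM-based XSS perspective above is exactly the kind of source-to-sink defect a white box review of SPA code looks for. The following is an added example, not code from Flatt Security or from the page: two common front-end sinks (`innerHTML` and `href`), each with a vulnerable form beside its hardened form. The element objects and the sample URL fragments are constructed stand-ins so the snippet runs in Node without a browser; the function names are this example's own.

```javascript
// Added example (not Flatt Security's code): DOM-based XSS in SPA front-end code.
// A constructed stand-in for a DOM element so the snippet runs outside a browser.
function makeElement() {
  return { innerHTML: "" };
}

// Escape the five characters that allow text to be interpreted as markup or as an
// attribute delimiter when it is placed inside HTML.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Sink 1, vulnerable: the URL fragment (controllable by anyone who can get a victim
// to open a link) is concatenated straight into innerHTML, so markup in it is parsed.
function renderGreetingVulnerable(el, locationHash) {
  const name = decodeURIComponent(locationHash.replace(/^#/, ""));
  el.innerHTML = "<h1>Hello, " + name + "</h1>"; // markup injection point
  return el.innerHTML;
}

// Sink 1, hardened: the untrusted value is escaped before it enters the markup.
// (Avoiding innerHTML entirely and assigning textContent is simpler still.)
function renderGreetingSafe(el, locationHash) {
  const name = decodeURIComponent(locationHash.replace(/^#/, ""));
  el.innerHTML = "<h1>Hello, " + escapeHtml(name) + "</h1>";
  return el.innerHTML;
}

// Sink 2: a user-supplied link target. HTML escaping does not help here, because a
// "javascript:" URL contains none of the escaped characters yet runs when clicked.
// The fix is an allow-list on the URL scheme, applied after normalising the way a
// browser does (ASCII tab/newline removed anywhere, leading control/space stripped).
function safeHref(userUrl) {
  const normalised = String(userUrl)
    .replace(/[\t\n\r]/g, "")
    .replace(/^[\u0000-\u0020]+/, "");
  const scheme = /^([a-z][a-z0-9+.\-]*):/i.exec(normalised);
  if (scheme && !/^https?$/i.test(scheme[1])) {
    return "#"; // reject javascript:, data:, vbscript:, and any other scheme
  }
  return normalised; // relative paths and http(s) URLs pass through unchanged
}

// Demonstration with a constructed, harmless test payload.
const samplePayload = "#%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E";
console.log("vulnerable:", renderGreetingVulnerable(makeElement(), samplePayload));
console.log("hardened:  ", renderGreetingSafe(makeElement(), samplePayload));
console.log("href:      ", safeHref("javascript:alert(1)"), safeHref("/dashboard"));
```

In a review, the pattern to trace is the same for every framework: find where `location.hash`, `location.search`, `postMessage` data or API responses are read, then follow them to sinks such as `innerHTML`, `href`, `eval` or a framework escape hatch like `dangerouslySetInnerHTML` or `v-html`, and confirm that an appropriate encoding or allow-list sits between the two.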
Mitsui & Co. Digital Asset Management Co., Ltd. used “SPA Diagnosis” together with “Web Application (API) Diagnosis” to have “ALTERNA PRO (formerly ALTERNA)”, an online investment service limited to professional investors (URL: https://www.alterna-x.com/), investigated and verified. We have published an interview article on the background and outline of the diagnosis; please refer to the URL below.
・Diagnosis case interview (Mitsui Bussan Digital Asset Management Co., Ltd.) URL: https://flatt.tech/assessment/voice/mdm
■ About “Security Assessment” (URL: https://flatt.tech/assessment/detail)
A service in which security engineers investigate and verify whether web services and smartphone applications have vulnerabilities that could lead to information leaks or unauthorized use, and report the findings. Also known as “vulnerability assessment”.
Flatt Security’s “Security Diagnosis” is conducted by experienced security engineers who have a track record of diagnosing a wide range of industries, from SaaS providers to social infrastructure providers and financial institutions, and who understand the diversifying development environment. In addition to application implementation, we also support a wide range of public clouds such as AWS, GCP, Azure, and mBaaS such as Firebase, so it is possible to identify risks in a more diversified manner. We will also provide a report after conducting the diagnosis in a form that is close to each development environment and developer.
■ About Flatt Security Co., Ltd.
A security startup from the University of Tokyo. Since launching its security business in 2019, Flatt Security has developed a range of security businesses for web product development organizations under the corporate catchphrase “delivering next-generation security services for developers and accelerating product development around the world.”
● KENRO, a cloud-based learning platform for secure design and development (URL: https://flatt.tech/kenro)
We offer a free, unlimited trial period just by registering your email address. For details, please refer to the URL above.
●Shisho Cloud, a security platform that protects the software supply chain (URL: https://shisho.dev/jp)
A security platform for developers that protects the security of the series of processes (software supply chain) from software development to provision. Optimize security operations costs and support risk management across the software supply chain.
■ Inquiries about services
Flatt Security Co., Ltd.
Contact form: https://flatt.tech/contact
■ Company information
Company name: Flatt Security Co., Ltd.
Representative: Yasutaka Ide, President and Representative Director
Location: Core Hongo Building 2A, 3-43-16 Hongo, Bunkyo-ku, Tokyo 113-0033
Established: May 23, 2017
Business description: Cyber security-related services
Website: https://flatt.tech
Blog: https://blog.flatt.tech
Vue.js logo: (C)︎ Evan You (CC BY-NC-SA 4.0 with extra conditions(It’s OK to illustrate a commercial product’s Vue.js integration in its marketing copy.)) / React logo: (C)︎ Meta Platforms, Inc. (CC BY 4.0) / Angular logo: (C)︎ Google (CC BY 4.0)
CC BY-NC-SA 4.0: https://creativecommons.org/licenses/by-nc-sa/4.0/ CC BY 4.0: https://creativecommons.org/licenses/by/4.0/
Copyright (C) 2022 Flatt Security, Inc. All Rights Reserved.
