PROJECTS

Our projects

Ever since our establishment, we have focused solely on security assessment to help create a secure society.

  • Web Application

    1,235

  • Network

    985

  • Smartphone App

    420

  • IoT Security Measures

    15

CASES

Web Application


A Major e-Commerce Enterprise

Vulnerability Assessment of an e-Commerce Website

Assessment Background

We received an order for security assessment of an updated version of an e-commerce website with several million users.
Our assessment discovered vulnerabilities in an added feature of the updated version that could lead to personal information leakage, which could have led to a fatal incident if left undetected.

Service Scale

Approximately 200 screens

Assessment Period

Approximately four weeks

Assessment Overview

We simulated attacks by accessing the actual network and inputting invalid values, manipulating requests, injecting malicious code, etc.

Assessment Flow

1. Examine the structure of the system and determine the scope of vulnerability assessment

We asked them first to specify the scope of web application assessment, after which we estimated the necessary workload.

2. Conduct vulnerability assessment of their web application, both using tools and manually

In combination with tool-based assessment, we conducted manual assessment of the target web application from the viewpoint of an attacker to detect vulnerabilities that cannot be detected by tools.

3. Report on the results of the web application assessment

We reported on the details of the risk assessment results, executive summary, and vulnerabilities that have been detected in their web application.

Smartphone Application


An SNS Service Provider

Vulnerability Assessment of an SNS App

Assessment Background

This client was initially developing an iOS app, but decided also to develop an Android version urgently. As they did not have sufficient time to conduct vulnerability checks by themselves, they came to us for help.
We detected issues such as “leakage of local files through WebView”, so that they were able to remove fatal vulnerabilities.

Service Scale

Approximately 50 screens

Assessment Period

Approximately one week

Assessment Overview

We conducted security assessment based on JSSEC’s Secure Coding Guidebook and OWASP Mobile Top 10. We analyzed the behavior of their app through reverse engineering.

Assessment Flow

1. Investigate service content of their smartphone app and clarify the scope of vulnerability assessment

We surveyed the characteristics of each app service and identified areas that needed to be particularly prioritized in our vulnerability assessment.

2. Conduct a fully-manual security assessment of their smartphone app

We conducted a fully-manual security assessment. Our assessment techniques range from basic checks to advanced reverse engineering.

3. Report on the results of the analysis/assessment

We reported on vulnerabilities that have been detected, overall security level, possible exploits, and what measures should be taken.

Web Service


A Major Telecommunications Company

Website

Assessment Background

This company asked for a security assessment of their sales and contract website prior to its release. We detected a flaw that allowed malicious contracts to be made, and prevented any damage from it before the release of the website.

Service Scale

Approximately 150 screens

Assessment Period

Approximately three weeks

iOS Application, Android Application


A Major Social Game Provider

A Game App

Assessment Background

This game provider’s hit title suffered from repeated cheating, and they requested an anti-cheating assessment. We reproduced the cheating with our reverse engineering analysis, identified the causes of the cheats through memory patching and binary patching, and helped them solve the issue.

Service Scale

A game app featured on the top screen of the application store

Assessment Period

Approximately three weeks

Network


A Major Consulting Firm

Network

Assessment Background

This firm asked for a security assessment in the process of updating their internal network and adding new features. We conducted a penetration test, which led to a safe release of their new system.

Service Scale

Approximately 100 IP addresses

Assessment Period

Approximately three weeks

Automobile


An Automobile Manufacturer

Penetration Test against Automobile IVI and TCU

Assessment Background

We performed a penetration test to see if the automobile can be maneuvered (driven, turned, or stopped) by accessing it through its interface with the Internet (IVI/TCU).

Assessment Period

Approximately four weeks

POC


A Cryptocurrency Business Operator

POC (Proof of Concept)

Assessment Background

We performed a penetration test to verify the supplier-provided catalogue specifications of a newly-introduced security tool developed by an overseas enterprise.

Assessment Period

Five business days

Virtual Currency


A Major Game Company

Source Code Assessment

Assessment Background

We conducted a comprehensive black-box test as well as a source-code-level assessment. We detected flaws that occurred during transitions, which cannot be detected by regular assessment.

Service Scale

Approximately 10,000 lines of code

Assessment Period

Approximately two weeks

Network


A Major Telecommunications Company

Network Assessment as Part of the PCI DSS Assessment

Assessment Background

This company asked for a security assessment as part of the PCI DSS assessment. We performed on-site assessments at over 10 sites nationwide.

Service Scale

Approximately 500 IP addresses

Assessment Period

Approximately three weeks

IoT Device


A Major IoT Enterprise

IoT Device

Assessment Background

We were asked to perform a security assessment to prepare a new IoT device for release. We analyzed the device itself as well as data transmission between it and the control system, which led to a safe release of the product.

Service Scale

A novel device, the world’s first in its category

Assessment Period

Approximately three weeks

iOS Application, Android Application


A Major Communications Company

Vulnerability Assessment Tool

Background

This company asked us to develop a tool for examining whether an application behaves in ways that violate users’ privacy. We developed a self-assessment tool that captures the app’s transmissions and automatically detects policy violations and tracking.

Service Scale

For approximately 120 target apps

Assessment Period

Approximately one year

Network


A Major Communications Company

Network Security Tolerance Test

Assessment Background

We attacked the network of a client enterprise to see if its security measures worked as designed, and detected numerous flaws.

Service Scale

Approximately 50 IP addresses

Assessment Period

Approximately two weeks

AWARDS

Some of Ierae Security’s members are white hat hackers who have achieved excellent results at hacking events and competitions both in Japan and overseas.
We are proud of our engineer-minded members, who make no compromise in improving assessment technologies.

  • 2018

    1st in the world

    DEFCON 26 Car Hacking Village

    at a CTF (Karamba Challenge) event, related to encrypted onboard communication networks

  • 2017

    4th in the world

    Google CTF

    at a CTF event organized by Google, related to embedded device analysis, web services, etc.

  • 2017

    3rd in the world

    S4 CTF

    at a CTF event related to industrial control systems and systems for factories (OT)

  • 2017

    1st in Japan

    CAN Bus hack

    at CODEBLUE, one of the largest security forums in the world

サイバートラスト株式会社
株式会社サミーネットワークス
株式会社サイバーエージェント
株式会社S&P
株式会社フォトシンス

CONTACT

Please do not hesitate to contact us.

Do you wish to solve security issues in your web services or apps and maximize profit? Please do not hesitate to contact us, as we will be delighted to help you.
Our highly experienced security engineers will test your system.