Cloud-based web application vulnerability diagnosis “VAddy”

About VAddy

Cloud-based web application vulnerability diagnosis “VAddy”

VAddy is a cloud-based web vulnerability diagnosis service that enables developers to diagnose web application vulnerabilities themselves. Web application vulnerability diagnosis, which used to be performed at the final stage of development, can now be run as many times as you like from the early stages of development.

Features of VAddy

Start scanning in as little as 10 minutes after signing up

After registering the host to be inspected, simply register the URL and parameters of the screen you want to inspect in VAddy, and vulnerability diagnosis corresponding to realistic threats will be executed. Only parts of a web application where functionality has been added or modified can be quickly inspected, so vulnerability diagnosis can be completed in about 10 minutes each time, even for large-scale web applications.

It is possible to build an automatic inspection environment that matches the environment, such as CI coordination and periodic execution.

Image of automatic inspection environment tailored to the environment

We provide command tools to automate running vulnerability assessments and retrieving results. Using the WebAPI key provided by VAddy, you can freely construct an inspection environment that suits your development cycle, such as automatic execution of inspections in conjunction with CI (Continuous Integration), or daily regular execution using a shell. can do.

Main vulnerability diagnosis functions

Inspection items for vulnerability diagnosis
(compatible with IPA standards)		 ・SQL injection
・Cross-site scripting (XSS)
・Command injection
・Remote file inclusion (RFI)
・Directory traversal
・Blind SQL injection
・HTTP header injection
・XML external entity attack (XXE)
・Insecure deserialization


SSRF vulnerability Public file inspection , cross-site request forgery (CSRF)
, email header injection inspection
, clickjacking inspection
, buffer overflow inspection
, session management deficiency inspection
, access/authorization control deficiency inspection
Main specifications/features ・Japanese language support
・Inspection report download (PDF)
・Diagnosis for local environment
External collaboration ・CI cooperation
・Web API
Contact us/Download materials