AI type/manual type security diagnosis service “RayAegis”

About RayAegis

AI type/manual type security diagnosis service “RayAegis”

RayAegis is a group of over 250 highly skilled white-hat hackers and security engineers around the world who work as security consultants for systems such as government agencies, financial institutions, major manufacturers, and transportation systems.

RayAegis' technical team includes master's and doctoral degrees in computer and information security from Carnegie Mellon University, Purdue University, and National Taiwan University in the United States, as well as various information security qualifications such as CISSP / CISM / CEH. It is made up of excellent security engineers, including experts who have acquired the following certifications.

With years of experience, we have a deep understanding of how hacker techniques, techniques, and management methods work together to protect a company's confidential information, including preventing unauthorized access by hackers and employees.

Combining the world's most advanced security and AI technologies, RayScanner and RayInvader, developed by RayAegis, use a database containing proprietary information synchronized with the U.S. government to detect whether a website or application has been hacked. We also efficiently check for unknown vulnerabilities such as zero-days and provide security services that meet the strictest international standards.

RayAegis service features

As technology advances, malicious hackers are using sophisticated programs and attack tools to attack corporate systems and steal data. As for attack methods as a whole, we focus on effective methods, such as using multiple vulnerabilities in combination depending on the effect and situation, rather than attacks that exploit a single vulnerability. Multi-vector attacks have become mainstream.

In response to these various security issues, RayAegis utilizes industry-leading technologies such as AI along with deep security knowledge to provide solutions that are easier, faster, cheaper, and more effective. We offer plans for advanced security diagnostic services.

Diagnosis target ・Web applications
・Software
・Hosts
・OS/platforms
・Mobile devices
・IoT devices
・Network devices
Diagnosis details ・Web security
・System denial of service (DoS)
・Data leakage
・Authentication management
・DB security
・Other customized diagnostic items
diagnostic tools ・Use different tools for each stage from over 50 tools
・Ownly developed automation plug-ins for various general-purpose tools
・Manual diagnostic tests by security engineers
・Ownly developed AI tools “RayScanner” and “RayInvader”
international standards ・NIST SP800-115
・OWASP TOP10
・OWASP IoT TOP10
・OSSTMM
・PCI DSS Compliance

Security diagnosis service plan

Each service is provided as a highly cost-effective service, with a simple pricing system based on "subdomain units (FQDN units)" that is not related to the number of pages or requests.

AI Quick Tool Vulnerability Diagnosis AI remote vulnerability diagnosis penetration test mobile app diagnostics
Features Advanced automatic vulnerability diagnosis using various proprietary tools Advanced and comprehensive vulnerability diagnosis using various proprietary tools Advanced penetration testing (including vulnerability diagnosis) that utilizes AI tools that can automatically generate exploits and combines zero-day attacks. High-speed tool diagnosis of a single mobile app package (server side authentication/authorization system is supported by API diagnosis option)
Diagnosis target Platform + Web application Web applications, intranets, etc. Mobile app/App connection destination API
Diagnostic items 45 items 68 items to 99 items 100 items OWASP TOP10 Mobile Risk Standard
Diagnostic method Remote diagnostics including AI tools AI tools + manual remote diagnosis by security engineers Package diagnosis using AI tools (API diagnosis includes manual diagnosis)
Diagnosis period 1 business day 3-5 business days 1-3 weeks App alone: ​​1 business day
API: 3-5 business days
Fee structure Flat fee per subdomain/FQDN (for penetration testing, charges are charged per IP/host for everything other than the web server) Application package/Flat rate fee per API server
Report format Reviewed report by security engineer Reviewed report by security engineer + report meeting Reviewed report by security engineer
After-sales support With re-diagnosis
(within 1 month after initial diagnosis)
With re-diagnosis
(within 3 months after initial diagnosis)
・Q&A regarding detailed repair procedures
・Re-diagnosis included
(within 1 year after initial diagnosis)
・App single re-diagnosis: Optional
・API re-diagnosis: Included in option

Security diagnosis service inspection items

Each security diagnosis service conducts a diagnosis based on test items that comply with standards such as OWASP. The main diagnostic tests to be performed are as follows.

Main inspection items Overview of inspection items
Information gathering Gather platform information such as each server application in the target environment
Inspect settings and configuration management Vulnerabilities related to allowed methods and network and application configurations
Inspecting identity management Vulnerabilities related to account management such as user registration and role settings
Certification inspection Vulnerabilities related to authentication, such as secure transfer methods of authentication information and password policies
Approval inspection Vulnerabilities related to authorization bypass, etc.
Inspect session management Vulnerabilities such as bypassing session management schemes
Data validation checks Vulnerabilities related to data validation such as SQL injection and cross-site scripting
Verifying error control Vulnerabilities related to error control such as returned error codes
Encryption check Vulnerabilities such as insufficient encryption and padding oracle attacks
Inspecting business logic Vulnerabilities related to business logic such as application processes
Client-side inspection Client-side vulnerabilities such as HTML, CSS injection, and JavaScript exceptions
Contact us/Download materials