Cloud-based web application vulnerability diagnosis "VAddy"

About VAddy

VAddy is a cloud-based web vulnerability assessment service that enables developers to assess web application vulnerabilities themselves. Vulnerability assessments of web applications, which were previously performed only at the final stage of development, can now be performed as many times as needed from the early stages of development.

VAddy Features

Start scanning in as little as 10 minutes after signing up

After registering the host to be inspected, simply register the URL and parameters of the screen you want to inspect in VAddy to perform vulnerability assessments that address realistic threats. Because it can quickly inspect only the areas of a web application where new features have been added or modified, vulnerability assessments can be completed in approximately 10 minutes per run, even for large-scale web applications.

Build an automated inspection setup that suits your environment, such as CI integration and periodic execution

We provide a command-line tool that automates vulnerability assessment and results retrieval. By using the Web API key provided by VAddy, you can freely configure your testing environment to fit your development cycle, such as automatically running tests in conjunction with CI (Continuous Integration) or running tests on a daily basis using a shell.

Main vulnerability assessment functions

Vulnerability assessment test items (IPA standard compliant)
・SQL injection
・Cross-site scripting (XSS)
・Command injection
・Remote file inclusion (RFI)
・Directory traversal
・Blind SQL injection
・HTTP header injection
・XML external entity attack (XXE)
・Insecure deserialization
・SSRF vulnerability
・Private file inspection
・Cross-site request forgery (CSRF)
・Email header injection inspection
・Clickjacking inspection
・Buffer overflow inspection
・Inspection for improper session management
・Inspection for improper access/authorization control

Main specifications/functions
・Japanese language support
・Download inspection report (PDF)
・Diagnosis for local environment

External collaboration
・CI integration
・Web API