What vulnerability diagnostic and assessment services do you provide?

During app development, we keep your project secure according to the IPA/ISEC: Measures for Information Security Vulnerabilities and other guidelines. We also conduct periodic inspections as described below.

For independent vulnerability assessments, we set up a fully qualified domain name (FQDN) and use VAddy to perform automated scans daily.

Please note that we do not provide vulnerability assessment findings. Therefore, please make separate arrangements or requests if needed. Alternatively, you can set up assessments via VAddy in Kuroco's admin panel.

If you perform frequent vulnerability assessments using other services, we can also adjust our security measures based on your findings.

For more information, see About: Kuroco's security measures.

Performing your own vulnerability diagnoses

• You do not need to inform us before performing vulnerability diagnoses on your Kuroco environment.
• We do not accept requests to unblock access during the diagnostic period (due to the possibility that a DDoS will be detected and blocked in the cloud infrasture, e.g. Fastly or GCP.)
• Please note that if the vulnerability diagnosis incurs a larger Kuroco usage fee, we will not be able to reduce it. Since the diagnosis is primarily based on API requests, you may wish to verify the expected number of requests before continuing.（Normally, it is often less than 10,000 requests (5$), but please check just in case.）
• In very rare cases, the vulnerability may be caused by Kuroco. Please contact us and we will do our best to repair it promptly.
• Feel free to reach out to us for recommendations of third-party research companies to fit your needs.

For more information, refer to the following FAQs:

• Can you send me the findings from your vulnerability assessment?
• My site was diagnosed with a security vulnerability. What should I do?