ONWARD SECURITY JAPAN List of Products and Services

By conducting a firmware scan and analyzing the open-source components adopted in one go, we can centrally manage the risks they encompass, such as those listed below, thereby protecting brand image, avoiding license violations, and reducing vulnerabilities. ■ Vulnerabilities caused by OSS ■ License issues ■ OSS dependency management Managing the software supply chain is crucial to doing so without any issues! 1. Management of the OSS list 2. Understanding vulnerabilities and license issues caused by OSS 3. Tracking vulnerabilities and responding immediately ↑ Doing all of this manually would require enormous effort and cost. Why not manage it with SecSAM?

• Software (middle, driver, security, etc.)
• Other security

When device manufacturers develop devices equipped with Amazon Alexa provided by Amazon, security testing at a certified lab (only 7 companies worldwide are certified) is mandatory according to Amazon's regulations. Generally, customers are required to submit a development application through Amazon's developer site beforehand, but we are here to support you during that process. Therefore, even if you do not have preparations like an intake form, please feel free to consult with us first.

• Contract Inspection
• Other security
• Public Testing/Laboratory

One of the inspection services provided by our company, HERMAS, includes a black box testing outsourcing service for products. As of now (July 2021), we will conduct inspections of your products at our inspection laboratory in Taiwan, which complies with international standards (ISO17025). We will consistently respond in Japanese from the initial hearing during your consideration to the report. However, since the verification will take place at an overseas laboratory, we can keep costs down. *There may be instances where some product specification documents are provided in English. Our high level of technical expertise has already been recognized, as evidenced by projects with telecommunications carriers in Europe and the United States, and reports submitted by us being accepted by the NCSC (National Cyber Security Center - UK government agency) and the FTC (Federal Trade Commission - US Federal Trade Commission).

• Other security
• Contract Inspection
• ISO-related consultant

One of the inspection services provided by our company, HERMAS, includes a commissioned service for testing the security requirements of devices as mandated by ETSI EN 303 645. As of now (July 2021), we will conduct inspections of your products at our inspection laboratory in Taiwan, which complies with international standards (ISO17025). We will provide consistent support in Japanese from the initial hearing during your consideration to the final report. However, since the verification will be conducted at an overseas laboratory, we can keep costs down. *Generally, the compliance confirmation will be submitted in English, but we can also provide a Japanese version of the report if needed. Our high level of technical expertise has already been recognized, as evidenced by projects with telecommunications carriers in Europe and the United States, and reports we submitted have been accepted by the NCSC (National Cyber Security Center - UK government agency) and the FTC (Federal Trade Commission - US Federal Trade Commission).

• Contract Inspection
• Other security
• Public Testing/Laboratory

One of the inspection services provided by our company, HERMAS, mandates that when selling medical devices in North America, local authorities (FDA) require the implementation of information security assessments for the devices. As of now (September 2021), we will conduct inspections of your products at our inspection laboratory in Taiwan, which complies with international standards (ISO17025), or at our inspection laboratory in our Tokyo office. The report will be provided in English for submission to the FDA. Additionally, by utilizing the know-how we have accumulated so far, we have achieved cost and time reductions, which we pass directly on to our customers. *Japanese reports can also be quoted separately.

• Other analytical and testing equipment
• Other Consulting Services

The "HERCULES SecDevice" is an automated vulnerability detection tool equipped with features such as known vulnerability testing, fuzzing tests, and web security testing. It utilizes patented AI learning technology, providing excellent time efficiency and accuracy in vulnerability detection. When selling medical devices in North America, it is necessary to verify the cybersecurity measures required by the FDA's PREMARKET APPROVAL 510K. This includes advanced fuzzing techniques that are more sophisticated than general verification methods. 【Features】 ■ Automatic detection and identification of targets ■ Automation of vulnerability testing and scanning ■ Smart vulnerability analysis ■ Reduction of inspection time and improvement of accuracy ■ Ability to discover unknown vulnerabilities through fuzzing, etc. *For more details, please download the PDF or feel free to contact us.

• Other Software

The "HERCULES SecDevice" is an automated vulnerability detection tool equipped with features such as known vulnerability testing, fuzzing tests, and web security testing. It utilizes patented AI learning technology, providing excellent time efficiency and accuracy in vulnerability detection. Additionally, it complies with information security standards such as IEC 62443, OWASP TOP 10, and CWE/SANS TOP 25. 【Features】 ■ Automatic detection and identification of targets ■ Automation of vulnerability testing and scanning ■ Smart vulnerability analysis ■ Reduced inspection time and improved accuracy ■ Ability to discover unknown vulnerabilities through fuzzing, etc. *For more details, please download the PDF or feel free to contact us.

• Other security