Visualizing API-specific risks with high precision based on international standards through a hybrid diagnosis of tools and manual methods.
Ranryu's "API Vulnerability Diagnosis Service" conducts assessments in accordance with the OWASP API Security Top 10, OWASP ASVS, and IPA standards. It goes beyond mere automated tool assessments by combining them with manual evaluations conducted by engineers holding internationally recognized white-hat hacker certifications, addressing API-specific risks such as authentication and authorization flaws, token management, and excessive information disclosure that are difficult to detect with tools alone. Furthermore, after the diagnosis, we support improvement proposals, reporting sessions, re-assessments, and continuous monitoring, providing effective measures to safely operate APIs. ■ Features and PR Points - Peace of mind from public certification: A service provided by a company registered with the Ministry of Economy, Trade and Industry and IPA. - Detailed reports leading to improvements: Evaluation based on OWASP and IPA standards, along with correction proposals. - Site seal provision: Visualizes that the diagnosis has been conducted, appealing to partners and customers for trust. - Regular diagnosis package: 2 to 4 assessments per year, along with re-assessments, to continuously improve security levels.
Inquire About This Product
basic information
■Plan Overview (1) Quick Tools Scan Plan - Simple diagnosis centered on automated tools (using OWASP ZAP, etc.) - Detects major API vulnerabilities (OWASP Top 10) in a short period - Report provided within as little as 3 business days, allowing for quick understanding - Ideal for companies that want to easily check the security status of their APIs *Note: The minimum duration is a guideline and may vary depending on the number of targets being diagnosed. (2) Standard Scan Plan (Recommended) - A standard plan that combines automated diagnosis with manual diagnosis - Multidimensional verification of API-specific risks such as authentication and authorization flaws, token management, and information leakage - Items that are difficult to assess with tools alone are carefully diagnosed by security engineers from an attacker's perspective - Provides a detailed report, improvement proposals, and 30 days of QA support ■System - Qualified engineers are in charge, and the quality control department conducts a double-check - A reliable system as a company certified under not only the Ministry of Economy, Trade and Industry standards but also ISO/IEC 27001 (ISMS) certification.
Price range
Delivery Time
Applications/Examples of results
API vulnerability assessments are utilized by many companies in the following situations: - Security checks before API release - Pre-release assessments for cloud integration or mobile app integration systems - Inspections of specific API endpoints during development - Third-party evaluations during the maintenance and updates of ISMS or privacy marks - Impact assessments and preventive measures after security incidents - Assessment requests through SIers or development vendors (safety checks before final delivery)
Company information
We are an independent system integrator that provides integration services such as system development and infrastructure construction to customers of various sizes and industries. We offer security solution services, including system vulnerability assessment services. Our team of highly skilled engineers, with extensive experience and difficult licenses both domestically and internationally, will support you. Additionally, we regularly collect and analyze incident information and new vulnerabilities, reflecting this in our services. Please feel free to contact us for inquiries or consultations regarding any services or challenges you may have.