Vulnerability Assessment & Penetration Test

Find your vulnerability before adversaries do

Effective cyber defense begins with knowing your own weakness against threats. The best way to learn how your organization can be compromised is to have it hacked by trusted professionals, just the way real-world adversaries would. MBSD’s experienced security practitioners will provide visibility into exploitable vulnerabilities in your network by using award-winning manual penetration test technique and inhouse scan tools.


In the digital transformation era, the evolving threat landscape is creating continuous cyber security challenges for the organizations. MBSD’s vulnerability assessment services identify, classify and address security risks for customers and provide them with guidance to mitigate such risks with priority. MBSD provides vulnerability assessment in the following areas:

  • Web applications
  • Software applications
  • Mobile applications
  • Host/Network
  • IoT devices (Internet of Things)
  • Industry control systems


MBSD’s web application vulnerability assessment is a tool-based vulnerability scanning and manual penetration test to the web applications to identify vulnerabilities, such as those that could lead to data breach, user compromise and further damages to customers. The combination of tool and manual test is necessary because some vulnerabilities just can’t be detected by automated scanning tools. MBSD has one of the largest and most excellent red team in Japan, which consists of plenty of highly skilled and experienced ethical hackers, who are also continuously contributing to device and software application vulnerability findings in Japan. Such ethical hackers perform attacks on the web applications from the hacker's point of view, by scanning and trying to gain access to all aspects of the possible vulnerabilities resided in the applications. They first use MBSD’s inhouse scan tools to quickly detect vulnerabilities. After tool-based scanning, they manually scan and detect further vulnerabilities particularly in the dynamic process of the web applications such as the business sequence and logic, session management, authentication implementation, which are unique to respective applications. All pages (or all requests) of the web applications are evaluated with 37 known vulnerabilities and tested to identify and exploit as many vulnerabilities as possible over a short period of time.


What is red team service?

There are lots of available cyber security assessments, but red team service, the simulated cyber-attack, is almost the same as an actual attack to your organization. By MBSD’s red team service, you can learn how to prepare and defend your organization against skilled and persistent hackers.

The differences between the red team service and vulnerability assessment are that vulnerability assessment is designed to identify and exploit as many vulnerabilities as possible over a short period of time, while the red team service is an actual attempt to intrude a target system, network, and applications conducted over a period of weeks to reveal the result of such attempts and is designed to test your organization’s detection and response capabilities and achieve pre-set goals, such as data exfiltration.

The red team service can bring benefit to your organization such as:

  • Learn how prepared your organization is to respond to a targeted attack and how effective the people and technology within it function against attack
  • Learn whether systems, data and applications are vulnerable
  • By simulating the latest adversarial tactics, help your organization to identify hidden vulnerabilities which could be a possible target
  • Address identified exposures
  • Enhance your organization’s blue team effectiveness and help the team to identify and address gaps in threat coverage