Launch of Security Diagnosis Service Supporting kintone App Development in the Generative AI Era

Kobe Digital Labo Co., Ltd. (Chuo-ku, Kobe-shi, Hyogo; President and CEO: Shinichi Tamaki; hereinafter "KDL"), which provides the information security service "Proactive Defense" and system development, has launched the "Security Diagnosis Service for kintone Apps" as a new service under "Proactive Defense". This service targets kintone apps developed and operated by companies, investigating custom JavaScript source code and app settings to visualize security risks. As no-code/low-code development and the use of generative AI advance, we support the creation of an environment where "business apps created under field leadership" can be operated with peace of mind. Background of Service Provision With "kintone," used by many companies as a business application platform, there is an increasing number of cases where the field takes the initiative to develop and improve business apps, taking advantage of the characteristics of no-code and low-code development. In addition, in recent years, the advanced and convenient use tailored to one's own business has been expanding without relying on specialized development skills, such as using generative AI to consider app configurations and settings, and creating JavaScript code used for customization. On the other hand, as the degree of freedom and scope of use of apps expand, the security aspects that should be checked are also diversifying, such as how to handle externally input data, the design of access authority, and settings when linking with external services. In fact, our security team has confirmed that if cross-site scripting (XSS) exists in a kintone app, an attack could be established where information stored within the app could be acquired by a third party. The importance of security measures when implementing custom JavaScript is also clearly stated in the "kintone Secure Coding Guidelines" published by Cybozu, Inc. Given this situation, in the development and operation of kintone apps, it is important not only to consider convenience but also to objectively check security risks and develop an environment where they can be used safely. Service Overview In this service, we will conduct a security diagnosis from the perspective of source code and setting details, targeting kintone apps developed and operated by companies. We offer two diagnosis plans: "SAST Diagnosis" and "SAST + Setting Diagnosis". <> 1. SAST Diagnosis We will conduct static analysis targeting the custom JavaScript and CSS source code of kintone apps. We will detect vulnerability risks such as XSS and clarify security issues at the source code level. Price: From 300,000 yen (excluding tax) 2. SAST + Setting Diagnosis In addition to the SAST diagnosis, we will also check the setting details and operational status of the kintone app to comprehensively check for security risks. In the setting diagnosis, we will check for risks from a security perspective covering the entire setting and operation of the kintone app, such as access control, external linking, data management, and logs. Price: From 500,000 yen (excluding tax) Features of the Service 1. Diagnosis specialized for custom JavaScript Targeting JavaScript and CSS used in the customization of kintone apps, we will verify vulnerability risks such as XSS, which tend to be overlooked by manual reviews alone, at the source code level. 2. Diagnosis from both source code and settings (SAST + Setting Diagnosis) In addition to vulnerability diagnosis by static analysis of custom JavaScript, we will also check setting details such as access control, API use, and external linking to comprehensively check the security status of the kintone app. 3. Easy-to-understand reports and after-sales follow-up