GMO Flatt Security, based in Tokyo, offers expert security assessments and penetration testing for software. Our seasoned professionals deliver proven, top-tier services. We also provide tools to help you internalize cutting edge, state of the art security practices.
Security Assessments & Penetration Testing
At the forefront of cybersecurity, we offer top-tier vulnerability assessments and penetration testing services conducted by world-class security engineers. Our expertise spans a wide range of targets, from web applications to IoT devices. We are adept at addressing security concerns unique to modern technology stacks, including serverless architectures and APIs leveraging GraphQL. You have our trust to safeguard your digital assets with cutting-edge, comprehensive security solutions.
Shisho Cloud: A Cloud AppSec Platform
Shisho Cloud automates the entire process of reviewing the security posture of web applications on the cloud, using continuous application scanning (DAST) and security posture reviews (CSPM and CIEM). Development and DevOps teams will be further empowered to work together in a self-service model designed for the scale and speed of their cloud development. Shisho Cloud is built by security experts with experiences totaling over 500 penetration testing projects, and is trusted by product security and AppSec teams to accurately reveal both external attack surfaces and the security posture of cloud assets.
Meet the Experts
RyotaK
Security Researcher
RyotaK is a security researcher known for various groundbreaking cybersecurity research. His series of work has revealed critical vulnerabilities of cloud service providers including GitHub and Cloudflare and of essential platforms for engineers like Homebrew and PyPI. He’s also known for participating in various live hacking events, winning multiple awards, and reporting vulnerabilities to many leading companies such as Google, Cloudflare, GitHub, Salesforce, and Microsoft.
Ryota Shiga
Operating Officer / Professional Service Div. CTO
Ryota Shiga is a well-versed security expert. He has revealed 15 critical vulnerabilities for Linux kernels and VMM (KVM/VirtualBox) during the 18 months of his research in GMO Flatt Security, all while directing over 100 web penetration testing projects, proving not only his extensive security knowledge but his leadership skills as well. He has also won a prize in Pwn2Own 2021 for reporting a privilege escalation in Ubuntu.
Takashi Yoneuchi
Director / CTO
Takashi Yoneuchi is one of the leaders of the cloud and application security industry in Japan with over 7 years of experience educating and motivating people on this topic. He is the author of Web Browser Security and more, with thousands of Japanese readers. He led Team Asia at the International Cybersecurity Challenge 2023 as Head Captain. He is also a member of the review board for CODE BLUE, the largest cybersecurity conference in Japan.
Sen Ueno
Director
Sen Ueno, the CEO of Tricorder Co. Ltd, is a penetration tester and a cybersecurity educator. He has contributed to the security industry for more than a quarter of a century and is the author of numerous books. In addition, he is one of the leaders of OWASP Japan Chapter. He has also been awarded ISC2 Asia-Pacific Information Security Leadership Achievements (ISLA).
Featured Projects
Conference
BSides Las Vages 2024: Are you content with our current attacks on Content-Type?
Blog
Expanding single-packet race condition with a first sequence sync for breaking the 65,535 byte limit
Blog
BatBadBut: You can't securely execute commands on Windows
Blog
Bypassing DOMPurify with good old XML
Report
Pwn2Own 2021 Report: Ubuntu Desktop Exploit
Blog
Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql
