UniFa Co., Ltd.

UniFa’s CTO, Hiroaki Akanuma

How UniFa Is Investing in Security with VAddy

UniFa has built its business around the idea of a media platform and web portal where families will want to congregate; the company’s products include the online photo-sharing service “LOOK ME” and the child companion robot “MEEBO.” UniFa recently made news when it won the Japanese qualifying round of the Startup World Cup.

We caught up with UniFa’s CTO, Hiroaki Akanuma, to ask him why he started using VAddy and how it’s been working out for his company.

About UniFa

Our primary business at the moment is “LOOK ME,” an online photo marketplace for kindergartens and preschools. Unlike other ordinary websites for selling photos online, LOOK ME is just as accessible for preschool teachers as it is for professional photographers. UniFa can also handle all of the payment processing and shipping necessary to deliver professionally printed photos.

LOOK ME is not limited to selling photos of annual sports days and other events—it also allows childcare workers to take photos throughout the year and immediately share them with parents online, making deeper communication possible for families whose lives revolve around preschool and kindergarten. As a web service, LOOK ME costs nothing to set up; instead, our business model is to collect a percentage of each photo sold. We also share some of those proceeds with the ~1200 preschools and kindergartens that are currently using the service.

The Tendency for Startups to Delay Security Measures

We launched LOOK ME nearly three years ago. In those early days of development, speed was of the essence; we didn’t have the luxury of setting up institutional security testing policies. Instead, our software engineers ran tests as necessary while referring to online resources such as the Japanese Information-Technology Promotion Agency’s website.

Before I was brought onto the team, no one at UniFa had tried to establish a unified software development process, let alone conduct a thorough security audit. There were no team-wide security practices—everything was entirely up to individual developers’ discretion.

That being said, we did at least have some basic security measures in place (such as a web application firewall) to protect the photos of children with which we had been entrusted.

Minimizing the Burden of Security

Without question, it’s important to have solid security measures in place. However, as we hire more engineers and grow our customer base, we honestly still find it hard to dedicate resources to security testing. At the same time, we can’t really afford to skimp on security—parents and preschools around the country are trusting us with photos of the small children in their care.

We discovered VAddy while searching for a security testing solution that we could implement with minimal overhead. Up until that point we had been looking at OWASP ZAP and other similar tools, but we were put off by the time and effort they seemed to require to use properly, so we never ended up adopting them. As fate would have it, we happened to stumble onto a local VAddy meetup where we were able to discuss our situation with the VAddy team directly; we decided to give VAddy a try because it seemed to be very easy to get started.

How We Use VAddy

Our build times are long even though our Continuous Integration pipeline uses Wercker, so rather than running VAddy as part of our CI build cycle, we have created tests for various user scenarios that we run as daily cron jobs; the results are sent to our team’s Slack room. At first we used VAddy’s Ruby client, but now we have written our own scripts to call VAddy’s Web API directly. (Our Slack notifications call the Web API directly, as well.)

We also hope to set up an end-to-end testing environment (e.g. with Selenium) soon so we can use it to test the new features that we ship in the future.

Investing in Security Solutions Is Now De Rigueur

With LOOK ME’s customer base growing steadily, this is a good time for us to focus on security. Even if that weren’t the case, though, I think it behooves us to invest in security as a kind of insurance policy.

Our future endeavors are not limited to photo services; we also plan to get involved with more of the operational issues faced by kindergartens and preschools. As you can imagine, childcare workers and parents alike are particularly concerned about security, so we are interested in continuing to use VAddy as we launch new services for them.

Feature Requests

There isn’t any particular feature that I’d like to ask for at the moment—I was fortunate to have my first request promptly implemented after talking about it at one of VAddy’s user meetups—but if I had to choose it would probably be support for more types of vulnerabilities. (Of course, this would probably entail a compromise between scan times and the number of vulnerabilities tested…)

On a more technical level, though, someday I’d like to talk with the VAddy team about the artificial intelligence they programmed into their scanning engine. We plan to incorporate AI into our future projects, so I have a professional interest in how it is being used by other companies.

UniFa Co., Ltd.

Web Media Portal for Enriching Family Communication
President: Yasuyuki Toki

Nagoya Office

8th floor, CK21 Hirokōji Fushimi Building
1-18-11 Nishiki, Naka-ku
Nagoya, Aichi 460-0003
Phone: 052-212-5717

Tokyo Office

2nd floor, Mitsui Second Annex
4-4-20 Nihonbashi Hongoku-chō
Chūō-ku, Tokyo 103-0021
Phone: 03-3516-6660
