Vulnerability Scanning


Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties and individuals may use to exploit and threaten the confidentiality, integrity and availability of business and technical data and information. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider, someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs can be scanned once a year, once a quarter or monthly.

Mobile Application Scanning


Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. The architecture review and threat modeling process includes assessing and documenting security risks in the context of the use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and define the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.

Darkweb Credential Monitoring


We provide the best approach to eliminating the biggest cause of massive data breaches: weak and/or stolen passwords. We continuously monitor the dark web for stolen databases and identities, and maintain the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.

Miami, FL, August 5th, 2013 — Security risks have moved beyond the network and operating systems to website functionality. WordPress website problems are more significant because many sites rely on unknown plugins. Many companies only test for functional requirements in WordPress sites.

Our WordPress Website Security Test is designed to meet best practices for Website security. All industry regulations such as PCI, HIPAA and Red Flag require website security. An assessment looks at the plugins, the infrastructure, the operating systems and the application functionality.

Many WordPress sites are built by third-party companies that may understand how to create a website but do not know how to code sites securely. There are numerous ways that vulnerabilities a hacker can use may be introduced into a website, such as how themes are developed, the plugins being used, poorly configured databases and settings, and WordPress version control. Security has to be constantly updated and checked to keep WordPress sites secure.

WordPress website security assessments will involve, but are not limited to, the following methodologies:

  • Plugin vulnerabilities
  • User management
  • Site design
  • Session Management
  • Data Confidentiality
  • File and directory access permissions
  • XSS, LFI, RFI, PHP Code injection
  • Input validation
  • Database settings & configuration
  • Access Control & Authorization
  • Logging and auditing
  • Encryption
  • SSL-related security issues
  • Anti-spam measures

We provide technical recommendations with mitigating controls and policies and procedures to keep your website secure over time.

About KRAA Security

KRAA Security ( was founded in 2007 to address the security needs of companies in all industries through a combination of Security Consulting Services. KRAA Security’s risk assessment services protect organizations from threats through a combination of preventative measures in Social Media Policy, Application Security, Network Security, Operating System Security, Managed Firewall and Compliance.


Jasmine Jones

KRAA Security, 888-KRAA-911


Latest Book by Gary Bahadur: Securing the Clicks- Network Security in the Age of Social Media


KRAA Security launches new HIPAA Privacy Audit service for corporations facing HIPAA regulatory requirements.

Miami, FL, October 29th, 2012 — HIPAA’s Privacy provisions became effective 04/14/2003 and 04/14/2004 for Large Plans and Small Plans respectively. For these purposes, the same definitions as those used by the SBA apply. The Privacy provisions, when integrated with HIPAA’s Security provisions, require operational, documentation and educational performance. Adherence to Best Practice generally minimizes the potentially considerable personal exposure of clients’ employees.

KRAA Security provides HIPAA specialists who are experienced former Privacy Officers and process and compliance professionals, to perform the best third-party assessments. We work with each client to improve compliance on an ongoing basis, accompanied by annual maintenance assessments.

Our HIPAA Privacy assessment includes but is not limited to:

  • Benefit plan compliance
  • HR compliance relative to Protected Information
  • Compliant Business Associates Agreements content and application
  • Compliant Chain of Trust Agreements, when required
  • Compliant Policy and Procedures
  • Compliant physical environment
  • Insurance coverage assessment
  • Protected Information-related process improvement
  • Learning system – five levels of involvement with Protected Information

KRAA Security specialists initiate the assessment process by reviewing each client’s responses to an Audit Target questionnaire and its associated attachments. A Compliance Baseline is documented, and a Gap Analysis that delineates the differences between the Baseline and Best Practice is presented. This is followed by a Risk Assessment, commonly known as a risk vs. reward analysis.

About KRAA Security

KRAA Security ( was founded in 2007 to address the security needs of companies in all industries through a combination of Security Consulting Services. KRAA Security’s risk assessment services protect organizations from threats through a combination of preventative measures in Social Media Policy, Application Security, Network Security, Operating System Security and Compliance.


Jasmine Jones

KRAA Security




KRAA Security Awarded Top 300 Business of the South by Business Leader Media Magazine

This month Business Leader Media announced KRAA Security as one of the winners in their Business Leader Top 300 Small Business of the South. This prestigious award is given each year to honor the top business leaders in the South. The demand for Miami-based KRAA Security’s information security services and social media security is growing rapidly.

Miami, FL, June 23rd, 2011 — This month Business Leader Media announced KRAA Security ( as one of the winners of their Top 300 Small Businesses of the South. This prestigious award is given each year to honor the top businesses that have made the greatest impact in the business community. For the fourth consecutive year Business Leader has issued the Top 300 Small Businesses of the South award. The annual dinner highlighted the business community as Business Leader recognized the most dynamic small businesses that have exhibited strong historical financial results, have a positive impact on the local economy and are making a difference not only in business but also in the greater community.

KRAA Security offers information security consulting services to small and medium businesses. Information security has become too difficult for a typical IT administrator to handle effectively. Small and medium businesses are often the most vulnerable to security attacks because they lack trained security staff, and they are increasingly turning to information security services. KRAA Security has expanded their service offering with Social Media Security assessments, Social Media Policy development and Online Training in security principles targeting best security practices, social media usage and HIPAA Security Rule requirements.

“We are honored to be selected as a winner in this year’s Business Leader awards. This is further validation that our suite of security assessment services is meeting the needs of our clients,” said KRAA Security founder and CEO Gary Bahadur. “We are seeing increasing demand for Social Media Security, HIPAA Security and PCI assessments, particularly in the retail, healthcare and financial verticals. Our customers just don’t have the time and money for internal testing, so it just makes strategic and economic sense for them to call on KRAA Security to perform specific security tasks.”

KRAA Security was founded in 2007 to meet this customer demand, has been growing rapidly, and has launched additional security assessment services to meet the needs of their clients. KRAA Security has recently launched a new product for supply chain risk management; see more details at

KRAA Security is Mr. Bahadur’s third technology startup. He was the cofounder and CIO of Foundstone Inc, a $20M security vulnerability risk management firm with offices in the United States, Singapore and India. Foundstone was sold to McAfee for $86 Million in 2004. Prior to Foundstone, Mr. Bahadur was the President and cofounder of Ether2 Corporation.

About KRAA Security

KRAA Security was founded in 2007 to address the security needs of companies in all industries with Information Security Consulting Services. KRAA Security protects organizations from threats through a combination of preventative services in Social Media Security, PCI SAQ Audit Compliance Measures, HIPAA Security Assessment, Application Security, Network Security, Operating System Security and Compliance measures. KRAA Security provides a comprehensive suite of Security Consulting and Products that are practical, efficient and cost effective.

CEO Gary Bahadur has launched a new book on social media security, “Securing the Clicks: Network Security in the Age of Social Media”.

Contact: Jasmine Jones, KRAA Security, 888-KRAA-911, Email:

November 23, 2010, Torrance, CA: The California Department of Public Health recently issued fines against hospitals in the state for Patient Privacy Violations, totaling more than $700,000. The physical and logical protection of patient data is a fundamental requirement in today’s hospital climate. The fined entities included Kern Medical Center, Bakersfield ($250,000 for theft of 596 test documents), Pacific Hospital of Long Beach ($225,000 for an identity theft), Kaweah Manor Convalescent Hospital, Visalia ($125,000 for an identity theft), Delano Regional Medical Center ($60,000, unauthorized access to records), Children’s Hospital of Orange ($25,000, unauthorized access to records), Oroville Hospital ($42,5000, employee discussed patient case), and Biggs Gridley Memorial Hospital, Gridley ($5,000, unauthorized access to records).

As regulations increase, hospitals have to be more diligent in implementing and monitoring security controls. The Top 5 protections a healthcare organization needs in order to move towards a HIPAA Security Rule compliant environment include:

  1. Conduct a Risk Assessment: Section 164.308(a)(1) of HIPAA requires an organization to conduct the risk analysis before any solution is implemented. It is important to know your network’s vulnerabilities. Officials must understand what type of information might get exposed, who might expose it, and how and where it could be exposed. The result of this analysis will facilitate the creation of security policies and procedures.
  2. Take a Multi-Layer Approach: A single technology cannot provide complete protection. Implementing firewalls, anti-virus software, anti-spam, and intrusion prevention are just some of the things needed to keep patient data completely secure.
  3. Don’t Forget About Email: More patient data is breached through email than any other source. It is crucial to have secure email and full content filtering. You need both inbound and outbound filters for personal health information protection, and encryption is key.
  4. Implement Policies: Employees must be educated on the security policies of an organization, why the policies are important and how to protect confidential information. eSecurity training is the first step in this important process. Implement a security awareness and training program for all members of the workforce, including management.
  5. Backup Your Data Offsite (Securely): Offsite data backup has become the easier and safer alternative to the outdated tape method. Offsite data backup offers multiple encryption methods, sophisticated file search availability, and complete automation. You can recover your data swiftly and test your backup information quickly for accuracy and completeness.

KRAA Security ( is a trusted name in the security industry. The firm conducts comprehensive Physical Security Assessments to identify potential physical security risks in hospitals. KRAA Security also conducts data security assessments that meet HIPAA Security Rule requirements to determine if patient databases are at risk. An evaluation by KRAA Security will pinpoint where problem areas are located that affect the safety of customers and employees, and areas on the premises that would facilitate thefts, vandalism and intrusions, both logical and physical.

Contact: Jasmine Jones, KRAA Security, 888-KRAA-911
Summary: Gary Bahadur, Founder and CEO of KRAA Security, hosts a webinar outlining the top 10 social media security attacks that corporations may unknowingly be exposing themselves to.

December 2010, Miami, FL: KRAA Security, the prominent name in providing managed security and consulting services, hosted a 45-minute webinar identifying the vulnerable areas within a corporation where social media hackers may easily attack. Gary Bahadur, Founder and CEO of KRAA, reviewed each area in detail, concluding the webinar with recommendations on how to avoid being a target and/or victim of a potential hacker. KRAA Security offers Social Media Policy Development and Social Media Security Assessments. In brief, below are the top ten areas of attack that were addressed:

  1. Employees. Employees may post sensitive or confidential information about the company and its clients. They may also click on inappropriate website links which may contain viruses that end up in the company’s network.
  2. Customers. The saying goes “one unhappy customer will tell nine of their friends”, and there goes your reputation.
  3. Human Resources. Many companies have not implemented social media policies, leaving employees with an “anything goes” modus operandi when it comes to social networking.
  4. Social Networking Worms. The 2010 “Koobface” worm stole data from Facebook, Myspace, Twitter, LinkedIn and Bebo by tricking users into downloading a Trojan.
  5. Competitors. Competitors may hide behind fictitious profiles to gather information about your company. Or worse, they may use these fictitious profiles to attack your brand image by spreading lies about your company.
  6. Scraping. Automated programs literally “scrape” data from your network to build unauthorized profiles.
  7. Trojans. Trojans trick users into thinking that they are interacting with a legitimate application, while collecting data from the user’s computer.
  8. Data Devaluation. Not every employee, especially recent college graduates, is fully aware of the importance of online security and of the care that must be given to sensitive information or data.
  9. Phishing. Phishing entices users to provide real login information by simulating legitimate sites.
  10. Impersonation. It is difficult to tell who is really behind the social media profiles that we encounter. There is no way to know whether the profile we are looking at is that of one of our employees or of a competitor saying things in another person’s voice/account/profile.

“I cannot stress enough the importance of implementing Social Media Security Policies in conjunction with Reputation Management tools. All hands must be on deck – from the Human Resources, Marketing and IT Security departments – everyone must be on the same page when it comes to what, when, where, how and by whom company information is being shared. Corporations must build a training program around appropriate Social Media usage in order to avoid a potential disaster,” stated Gary Bahadur.

KRAA Security holds monthly webinars, and this one about Social Media Security is already scheduled to be brought back by popular demand (actual date to be determined).

About KRAA Security

KRAA Security ( is a trusted name in the security industry. KRAA Security’s risk assessment services protect organizations from threats through a combination of preventative measures in Social Media Security, Application Security, Network Security, Operating System Security and Compliance.

Contact: Jasmine Jones, KRAA Security, 888-KRAA-911