Vulnerability Scanning


Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties and individuals may use to exploit and threaten the confidentiality, integrity and availability of business and technical data and information. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider or someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs be scanned once a year, once a quarter or monthly.

Read More

Mobile Application Scanning


Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. Architecture review and threat modeling process will includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.

Read More

Darkweb Credential Monitoring


We provide the best approach to eliminate the biggest cause of massive data breaches, the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintains the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.

Read More
Risk Assessment VoIP Security Audit

VoIP Security Audit

Many organizations have begun migrating from the standard “copper wire” telephone systems to “voice over IP” (VOIP) technology. VoIP solutions aimed at businesses have evolved into “unified communications” services that treat all communications—phone calls, faxes, voice mail, e-mail, Web conferences and more—as discrete units that can all be delivered via any means and to any handset, including cell phones. While VOIP technology offers huge costs savings in many situations, it exposes voice communication to many of the “risks” only previously faced by data communications. While initially “free from hacker attacks”, VOIP is now more and more subject to “hacker” attacks that are aimed to disrupt, compromise or abuse VOIP traffic resulting in yet another way organizations face security threats to their operational assets. Specific VOIP security threats like “denial-of-service”, voice mailbox break-ins and unauthorized recording of VOIP conversations are becoming more and more common place.


Kraa Security Solution’s VOIP Security Assessment Service is specifically designed to assess your existing VOIP infrastructure and identify existing and potential security and reliability issues. Using a series of “toolkits” and processes, KRAA SECURITY staff will assess your VOIP infrastructure onsite as compared to existing “VOIP Best Practices”.

We will determine to determine the following:

  • Security against DOS attacks
  • Protection against general “unauthorized access”
  • Protection against VOIP call “eavesdropping”
  • Spam Over Internet telephony (SPIT)
  • Call Floods
  • Harassing Calls
  • H.323 concerns
  • Software Patch Level Compliance
  • Resistance to Viruses and Malware
  • Application Layer Gateway Concerns
  • Use of Encryption Technology
  • VOIP System Redundancy

voip security