Vulnerability Scanning


Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties and individuals may use to exploit and threaten the confidentiality, integrity and availability of business and technical data and information. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider or someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs can be scanned once a year, once a quarter or monthly.

Mobile Application Scanning


Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. The architecture review and threat modeling process includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. Threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.

Darkweb Credential Monitoring


We provide the best approach to eliminate the biggest cause of massive data breaches, the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintain the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.

Security Training for Developers

Security Training Courses

KRAA Security provides unique security training courses for development of secure applications.

Security Training for Developers

The most prevalent reason behind buggy code and security vulnerabilities being exploited by hackers and malicious code is the lack of secure coding standards and practices. Our security training for developers ensures that developers are exposed to common security threats and vulnerabilities and provides training to develop secure software that can withstand such attacks.

Courses
  • Introduction to Application Security (OWASP Top 10)
  • Security Training for Developers – .NET
  • Security Training for Developers – JAVA / J2EE
  • Security Training for Developers – C/C++
  • Security Training for Developers – Flash / FLEX

Security Training for Mobile Apps

The rapid introduction of mobile devices in business and personal use continues to challenge companies to ensure applications are safe and secure. Applications succeeding in this area must accomplish the two-fold goal of delight without fright. Training for Mobile Apps focuses on threats associated with unique mobile platforms and covers the basics of building and maintaining secure applications on the iOS and Android platforms.

Courses
  • Introduction to Mobile Security (iOS & Android)
  • Security Training for Mobile Developers – iOS (iPhone / iPad)
  • Security Training for Mobile Developers – Android

Security Training for QA

The most prevalent reason behind buggy code and security vulnerabilities being exploited by hackers and malicious code is the lack of secure coding standards and practices. Security testing for QA provides security-focused test cases for testing and ensures basic understanding of security threats and countermeasures required to build and deploy secure applications.

Courses
  • Security QA / Testing for Applications

Security Awareness Training

Information security awareness and training is crucial to any organization’s information security strategy and supporting operations. The “people factor” – not technology – is key to providing an adequate and appropriate level of security assurance. We provide a robust and enterprise-wide security awareness and training program that ensures people understand their data security responsibilities, organizational policies, and how to properly use and protect the system resources entrusted to them.

Courses
  • Security Awareness Training

Security Training for Managers / Architects

It is well documented that security is more effective and less expensive when baked into the software lifecycle. Security Training for Managers and Architects introduces a number of required actions, including creation of security and privacy design specifications, defining minimum security and privacy criteria for the application, threat modeling, and deploying a security vulnerability/work item tracking system allowing for creation, triage, assignment, tracking, remediation, and reporting of software vulnerabilities.
  • Security Training for Managers / Architects

Regulatory Compliance Best Practices

When it comes to information risk management and security, many firms are choosing to go beyond regulatory compliance to protect their organization’s reputation, increase productivity and gain significant competitive advantage. Our training solution provides your development team with the right tools and techniques to build secure software that complies with regulatory standards and industry best practices and helps the organization achieve its knowledge and competency goals.
  • PCI DSS Security Training
  • HIPAA Security Training
  • FISMA Security Training
  • SOX Security Training

Training Delivery Features:

  • On-Demand: Delivered 24×7 on demand, students can access the content from anywhere on the internet and proceed at their own pace. The training environment allows interaction with other members via real-time chat and course forums.
  • Interactive: Illustrative videos help students understand key concepts. Quizzes and learning games ensure students grasp training content and stay engaged. Tools and techniques demonstrated step by step allow skills replication in the real world.
  • Customized: The content is customized to integrate your company policies, procedures and best practices, creating a learning experience that combines our content with your procedures.
  • Tracking and Reporting: One of the big challenges with any kind of training is the difficulty of measuring benefits and seeing return on investment for the organization. Our solution provides tracking and reporting capabilities that provide specific and measurable results for each student. Some of the information that could be generated includes:
  1. Course usage including total views, unique views, average number of views per day and unique student views per day
  2. Detailed question and answer reports on how individuals answered on the quiz
  3. Trend reports that identify trends between different groups and provide valuable insight
  4. User portal that allows users to view personal history and run their own reports
  5. Guestbook interface to collect detailed feedback information from the users
  • Repeatable: How often have you taken a class and wished you could have gone back over the content if a subject was unclear? With our license model, students can repeat the content in an unlimited fashion for the life of the particular license.
  • Up-to-date: Our content is continuously updated with fresh content on a semi-annual basis depending on the topicality of the issues of the day.
  • Hosting: The training can be hosted by us and/or provided to you in SCORM-compliant format for your internal LMS.
  • Certificates: Students will be provided with a certificate attesting to their completion of the security for developer training course.