Vulnerability Scanning


Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties and individuals may use to exploit and threaten the confidentiality, integrity and availability of business and technical data and information. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider or someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs be scanned once a year, once a quarter or monthly.

Read More

Mobile Application Scanning


Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. Architecture review and threat modeling process will includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.

Read More

Darkweb Credential Monitoring


We provide the best approach to eliminate the biggest cause of massive data breaches, the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintains the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.

Read More
Press Release KRAA Security launches new WordPress Website Security Testing service to help companies defend against hackers.

Miami, FL, August 5th, 2013 — Security risks have moved beyond the network and operating systems to the Website functionality. WordPress website problems are more significant as many sites rely on unknown plugins. Many companies only test for functional requirements in WordPress sites.

Our WordPress Website Security Test is designed to meet best practices for Website security. All industry regulations such as PCI, HIPAA and Red Flag require website security. An assessment looks at the plugins, the infrastructure, the operating systems and the application functionality.

Many WordPress sites are built by third party companies that may understand how to create a website but do not know how to code sites securely. There are numerous way that vulnerabilities can be introduced into the website that a hacker can use such as how themes are developed, plug-ins being used, poorly configured databases and configurations and WordPress version control. Security has to be constantly updated and checked to keep WordPress sites secure.

WordPress website security assessments will involve but not limited to the following methodologies:

  • Plugin vulnerabilities
  • User management
  • Site design
  • Session Management
  • Data Confidentiality
  • File and directory access permissions
  • XSS, LFI, RFI, PHP Code injection
  • Input validation
  • Database settings & configuration
  • Access Control & Authorization
  • Logging and auditing
  • Encryption
  • SSL-related security issues
  • Anti-spam measures
We provide technical recommendations with mitigating controls and policies and procedures to keep your website secure over time.

About KRAA Security

KRAA Security ( was founded in 2007 to address the security needs of companies in all industries through a combination of Security Consulting Services.  KRAA Security’s risk assessment services protect organizations from threats through a combination of preventative measures in Social Media Policy, Application Security, Network Security, Operating System Security, Managed Firewall and Compliance.


Jasmine Jones

KRAA Security, 888-KRAA-911


Latest Book by Gary Bahadur: Securing the Clicks- Network Security in the Age of Social Media