Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            BeamFi - 3rd Party Application Penetration Testing

            Created by Henry Chan, Modified on Thu, 6 Apr, 2023 at 10:10 AM by Henry Chan

            3rd Party Application Penetration Testing

            Last Updated Date: 21st March, 2023


            Summary

            BeamFi has developed an application for use with the Zoom platform. As part of the Zoom App Review process, this document provides evidence of BeamFi's adherence to security best practices by undergoing periodic 3rd party API penetration testing using EthicalCheck. We have also integrated EthicalCheck into our Github Continuous Integration pipelines, ensuring that security tests are triggered for every pull request.


            EthicalCheck Penetration Testing

            BeamFi has adopted EthicalCheck to perform periodic penetration testing on our API. These tests are designed to uncover vulnerabilities and ensure that BeamFi's API is resistant to cyber attacks. EthicalCheck's security experts simulate real-world attack scenarios and provide a comprehensive report, which includes recommendations for addressing any identified vulnerabilities.


            Github Continuous Integration (CI) Pipeline Integration

            We have integrated EthicalCheck into our Github CI pipeline, which enables automated security tests to be triggered every time a pull request is submitted. This practice ensures that our codebase remains secure throughout the development process and that any potential vulnerabilities are identified and addressed promptly.


            Screenshots of Github Actions Workflow Runs

            Below are screenshots of Github Actions showing successful workflow runs on API Webhook and Signature.



            Screenshot 1: Github Actions Signature Workflow



            Screenshot 2: Github Actions API Webhook Workflow



            These screenshots demonstrate that our Github CI pipeline has been set up to automatically trigger EthicalCheck security tests for every pull request. The successful completion of these tests provides assurance that our codebase adheres to the security practices.


            Example Penetration Test Report

            An example penetration test report from EthicalCheck is attached to this document as proof of BeamFi's commitment to maintaining secure APIs. The report details the methodology used, vulnerabilities discovered, and recommendations provided by EthicalCheck.

            Attachment: API Penetration Test Report for BeamFi


            Conclusion

            This document provides evidence that BeamFi is committed to ensuring the security of our application by engaging in periodic 3rd party API penetration testing with EthicalCheck and integrating these tests into our Github Continuous Integration pipelines.




            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0