BeamFi - 3rd Party Application Penetration Testing

Created by Henry Chan, Modified on Thu, 6 Apr, 2023 at 10:10 AM by Henry Chan

3rd Party Application Penetration Testing

Last Updated Date: 21st March, 2023


Summary

BeamFi has developed an application for use with the Zoom platform. As part of the Zoom App Review process, this document provides evidence of BeamFi's adherence to security best practices by undergoing periodic 3rd party API penetration testing using EthicalCheck. We have also integrated EthicalCheck into our GitHub Continuous Integration pipelines, ensuring that security tests are triggered for every pull request.


EthicalCheck Penetration Testing

BeamFi has adopted EthicalCheck to perform periodic penetration testing on our API. These tests are designed to uncover vulnerabilities and ensure that BeamFi's API is resistant to cyber attacks. EthicalCheck's security experts simulate real-world attack scenarios and provide a comprehensive report, which includes recommendations for addressing any identified vulnerabilities.


GitHub Continuous Integration (CI) Pipeline Integration

We have integrated EthicalCheck into our GitHub CI pipeline, which enables automated security tests to be triggered every time a pull request is submitted. This practice ensures that our codebase remains secure throughout the development process and that any potential vulnerabilities are identified and addressed promptly.


Screenshots of GitHub Actions Workflow Runs

Below are screenshots of GitHub Actions showing successful runs of the API Webhook and Signature workflows.



Screenshot 1: GitHub Actions Signature Workflow



Screenshot 2: GitHub Actions API Webhook Workflow



These screenshots demonstrate that our GitHub CI pipeline has been set up to automatically trigger EthicalCheck security tests for every pull request. The successful completion of these tests provides assurance that our codebase adheres to security best practices.


Example Penetration Test Report

An example penetration test report from EthicalCheck is attached to this document as proof of BeamFi's commitment to maintaining secure APIs. The report details the methodology used, vulnerabilities discovered, and recommendations provided by EthicalCheck.

Attachment: API Penetration Test Report for BeamFi


Conclusion

This document provides evidence that BeamFi is committed to ensuring the security of our application by engaging in periodic 3rd party API penetration testing with EthicalCheck and integrating these tests into our GitHub Continuous Integration pipelines.



