3rd Party Application Penetration Testing
Last Updated Date: 21st March, 2023
Summary
BeamFi has developed an application for use with the Zoom platform. As part of the Zoom App Review process, this document provides evidence that BeamFi adheres to security best practices by undergoing periodic 3rd-party API penetration testing using EthicalCheck. We have also integrated EthicalCheck into our GitHub Continuous Integration pipelines, ensuring that security tests are triggered for every pull request.
EthicalCheck Penetration Testing
BeamFi has adopted EthicalCheck to perform periodic penetration testing on our API. These tests are designed to uncover vulnerabilities and ensure that BeamFi's API is resistant to cyber attacks. EthicalCheck's security experts simulate real-world attack scenarios and provide a comprehensive report, which includes recommendations for addressing any identified vulnerabilities.
GitHub Continuous Integration (CI) Pipeline Integration
We have integrated EthicalCheck into our GitHub CI pipeline, which enables automated security tests to be triggered every time a pull request is submitted. This practice ensures that our codebase remains secure throughout the development process and that any potential vulnerabilities are identified and addressed promptly.
Screenshots of GitHub Actions Workflow Runs
Below are screenshots of GitHub Actions showing successful runs of the API Webhook and Signature workflows.
Screenshot 1: GitHub Actions Signature Workflow
Screenshot 2: GitHub Actions API Webhook Workflow
These screenshots demonstrate that our GitHub CI pipeline has been set up to automatically trigger EthicalCheck security tests for every pull request. The successful completion of these tests provides assurance that our codebase adheres to these security practices.
Example Penetration Test Report
An example penetration test report from EthicalCheck is attached to this document as proof of BeamFi's commitment to maintaining secure APIs. The report details the methodology used, vulnerabilities discovered, and recommendations provided by EthicalCheck.
Attachment: API Penetration Test Report for BeamFi
Conclusion
This document provides evidence that BeamFi is committed to ensuring the security of our application by engaging in periodic 3rd-party API penetration testing with EthicalCheck and integrating these tests into our GitHub Continuous Integration pipelines.