Scope:
Digital wallet mobile application with Android version was penetrated. The test was performed in a GreyBox manner and simulated a malicious user with partial knowledge regarding the system functionality.
Time Frame:
8 working days 5 days penetration of Android version 3 days of data analysis, elimination of false positives and elaboration of remediation report
Steps perfomed:
- Planning
- Analysis of mobile structure and linked technology
- Review of mobile applications WITH and WITHOUT user
- Error search in design and programming
- Business Logic Review
- Client interaction review
- Review of confidentiality and source code integrity of the application
- Result generation
Conclusions:
In the FinTech businesses one of the most highlighted recommendations is to Implement a certificate pinning method to protect the communication between client and server.
At Puffin Security, we use the ELITE SECURITY CONSULTING methodology so you can rest assured that your organization will have the highest level of security.
Complete the form, and we’ll be in touch as soon as possible