ONEFIN
OneFin engaged CyStack to perform a Penetration Test of their web and mobile applications. The purpose of this project is to identify security weaknesses, determine the impact to OneFin, document all findings in a clear and repeatable manner, and provide remediation recommendations. The project commenced on 04/05/2020 requiring five (5) security researchers. On 05/06/2020, CyStack performed a retesting that confirmed the effectiveness of the applied mitigations. All issues with direct security impact have been addressed by OneFin.
Overview
| Products | Completion date | Status |
|---|---|---|
| June 5 2020 | Completed |
Total finding
N/AIssues
N/A Resolved
CriticalN/A
HighN/A
MediumN/A
LowN/A
InfoN/A
Assessment Checklist
AI Application Security
Algorithmic Biases
Application-Level Denial-of-Service (DoS)
Automotive Security Misconfiguration
Blockchain Infrastructure Misconfiguration
Broken Access Control (BAC)
Broken Authentication and Session Management
Client-Side Injection
Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS)
Cryptographic Weakness
Data Biases
Decentralized Application Misconfiguration
Developer Biases
External Behavior
Indicators of Compromise
Insecure Data Storage
Insecure Data Transport
Insecure OS/Firmware
Insufficient Security Configurability
Lack of Binary Hardening
Misinterpretation Biases
Mobile Security Misconfiguration
Network Security Misconfiguration
Physical Security Issues
Privacy Concerns
Protocol Specific Misconfiguration
Sensitive Data Exposure
Server Security Misconfiguration
Server-Side Injection
Smart Contract Misconfiguration
Societal Biases
Unvalidated Redirects and Forwards
Using Components with Known Vulnerabilities
Zero Knowledge Security Misconfiguration
Other
Deliverables
Final Report
Completion Certificate
