Open Technology Fund (OTF) engaged iSEC Partners (iSEC) to perform a source-code-assisted, white-box security assessment of Security First’s Umbrella mobile application. One iSEC consultant performed the engagement remotely over two weeks, from June 15th, 2015 to June 26th, 2015. Security First provided iSEC access to the mobile application and the application source code during this time.
iSEC’s primary focus during the assessment was the mobile application, but the assessment also included a review of the backend API transport security. The assessment covered mobile application security best practices along with vulnerabilities that could put Umbrella users at risk. iSEC also reviewed the attack surface available prior to authentication or authorization, specifically for injection flaws and Denial of Service (DoS) potential, among other classes of vulnerabilities.
The Security First team provided support and was engaged throughout the project.