
Penetration Testing of Investment Web Platform and Mobile App

DataArt performed a thorough penetration test of the client's web and mobile applications to assess how well the financial technology platform resists unauthorized access and data breaches.

Location: UAE
Industry: Finance

Client

Our client is a UAE-based startup whose team of experts in investment, finance, design, data science, and technology aims to deliver the best investment experience. Seeking to democratize investing for its community, the client has developed a financial platform and app that let customers trade stocks and ETFs easily and intuitively and save and invest money passively, all in one place.

Today, the platform offers a one-stop shop for hands-off auto-investing, self-directed trading of stocks, ETFs, and crypto, and a place for customers to park their cash while earning interest. The company’s hybrid model provides access to on-demand investment experts and a human customer support team that is available to answer clients’ questions.

Business Challenge

Striving to provide a fully secure platform, the client engaged DataArt to perform penetration testing of its web platform and mobile applications. The main goal of the penetration test was to determine whether the applications could be compromised to gain unauthorized access to company resources or to users' data.

Solution

DataArt applied a proprietary penetration testing methodology built on well-established industry guides: the OWASP (Open Web Application Security Project) Testing Guide, the Open Source Security Testing Methodology Manual (OSSTMM), the PCI DSS Penetration Testing Guidance, and NIST SP 800-115, Technical Guide to Information Security Testing and Assessment.

The methodology incorporated the following five phases:

  • Planning: Working closely with the client to clearly define and document the assessment’s objectives, scope, and rules of engagement.
  • Information Gathering: Collecting and examining key information about the target applications and related infrastructure to become familiar with the functionality and the placement of application security controls.
  • Vulnerability Discovery and Analysis: Using both manual and automated approaches to identify security issues that could lead to the compromise of sensitive information or to unauthorized access.
  • Exploitation: Investigating potential security issues and attempting to exploit them (within the authorized boundaries), which confirms each issue’s criticality, produces evidence, and may expose additional attack surface for testing.
  • Reporting: Compiling a report with a non-technical executive summary and detailed technical sections with a prioritized list of findings and practical recommendations for their remediation.

For the mobile applications, DataArt focused on reverse-engineering the application logic and its security controls, dynamic application analysis, and inspection of locally stored data. DataArt also analyzed all application communications with remote services and verified that transmitted data was adequately protected.

During the assessment, DataArt was unable to compromise the platform or its supporting infrastructure. However, the assessment revealed several vulnerabilities of high, medium, and low risk, including:

  • Insecure local storage of user data within mobile apps
  • Insufficient anti-reversing protection of mobile apps
  • Insecure web session management mechanisms
  • Weak user password quality control and username enumeration
  • Cross-site scripting vulnerabilities within the administrative interface
  • Leakage of potentially sensitive information
  • Use of vulnerable dependencies
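The "weak user password quality control and username enumeration" finding is worth illustrating, because both weaknesses usually live in the same login and registration code and are cheap to fix. The example below is added here for illustration; it is not the client's code and does not reproduce DataArt's actual finding. It uses a constructed in-memory user store (user "alice", fixed salt, PBKDF2) and hypothetical function names. `login_leaky` returns a different message for an unknown user than for a wrong password, so an attacker can confirm which usernames exist; `login_hardened` returns one uniform message and performs the same hashing work whether or not the user exists, which also removes the timing difference. `password_policy_ok` shows the kind of server-side quality check that "weak password quality control" refers to.

```python
import hashlib
import hmac
import re

# Constructed demo data, not client data. The fixed salt keeps the example
# deterministic; a real registration flow would draw a fresh salt from
# secrets.token_bytes(16) per user.
_SALT = b"\x00" * 16
_ITERATIONS = 50_000  # PBKDF2 work factor, reduced to keep the demo fast


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


# Hypothetical user store: username -> {salt, hash}. The plaintext for
# "alice" is "Correct-Horse-9".
USERS = {"alice": {"salt": _SALT, "hash": _hash("Correct-Horse-9", _SALT)}}

# Dummy hash so that a lookup miss still costs one PBKDF2 computation.
_DUMMY_HASH = _hash("unused-dummy-password", _SALT)


def login_leaky(username: str, password: str):
    """Vulnerable: the error message reveals whether the username exists."""
    user = USERS.get(username)
    if user is None:
        return False, "Unknown user"
    if _hash(password, user["salt"]) != user["hash"]:
        return False, "Incorrect password"
    return True, "OK"


def login_hardened(username: str, password: str):
    """Same message and same amount of work for unknown user and wrong password."""
    user = USERS.get(username)
    salt = user["salt"] if user else _SALT
    expected = user["hash"] if user else _DUMMY_HASH
    # compare_digest is constant-time; the hash is always computed.
    match = hmac.compare_digest(_hash(password, salt), expected)
    ok = match and user is not None
    return ok, ("OK" if ok else "Invalid username or password")


def enumerate_users(login_fn, candidates):
    """Attacker's view: candidates whose failure response differs from the
    response for a username that certainly does not exist."""
    baseline = login_fn("no-such-user-zz", "wrong")[1]
    return [u for u in candidates if login_fn(u, "wrong")[1] != baseline]


# Constructed deny-list; production systems use a much larger breached-password set.
COMMON_PASSWORDS = {"password", "password123", "qwerty123456", "welcome1"}


def password_policy_ok(password: str, username: str, min_len: int = 12) -> bool:
    """Server-side password quality check: length, not a common password,
    does not contain the username, and at least three character classes."""
    if len(password) < min_len:
        return False
    if password.lower() in COMMON_PASSWORDS:
        return False
    if username and username.lower() in password.lower():
        return False
    classes = sum(
        bool(re.search(p, password))
        for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    )
    return classes >= 3


if __name__ == "__main__":
    print("leaky    :", enumerate_users(login_leaky, ["alice", "bob"]))
    print("hardened :", enumerate_users(login_hardened, ["alice", "bob"]))
    print("policy   :", password_policy_ok("Correct-Horse-9", "alice"))
```

Run against the leaky handler, `enumerate_users` identifies "alice" because her failure message differs from the baseline; against the hardened handler it finds nothing. The same uniform-response rule applies to registration and password-reset endpoints, which are the other common enumeration points, and a length-based check alone is not enough: the deny-list and username checks are what keep "Password123!" style choices out.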

Left unaddressed, these vulnerabilities could, in combination with other capabilities or information, result in the compromise of, or unauthorized access to, a network, an application, or data.

DataArt provided recommendations as to how to eliminate each vulnerability.

DataArt’s assessment showed that the client’s platform offers a high degree of security: no compromise of the platform was achieved within the engagement’s scope. The assessment also isolated the individual vulnerabilities that could have led to unauthorized access to sensitive information.

DataArt proposed remediation steps to further reinforce the platform. The client has since addressed these vulnerabilities, closing the attack paths identified during the assessment.

Tools Used

Burp Suite Pro
Nessus Professional
DirSearch
SQLmap
Nmap
Frida
Chainbreaker
Cycript
