Successful completion of a comprehensive whitebox penetration testing exercise
This badge was issued to
Coreway UG (haftungsbeschränkt)
Sekurno successfully performed a comprehensive white-box penetration test for Coreway's Android and iOS mobile apps, thoroughly assessing both API endpoints and cloud infrastructure. The results highlight Coreway's strong commitment to maintaining a robust security posture and proactively addressing cybersecurity risks.
Earning Criteria
No Critical or High-Level Vulnerabilities
No vulnerabilities were identified with critical or high severity levels, or they have been successfully remediated or mitigated.
No Active or Exploitable Threats
Final validation confirmed the absence of any active or exploitable threats, ensuring the system was secure at the time of testing.
OWASP WSTG Compliance Score > 90%
The system demonstrated strong security hygiene by scoring over 90% against the OWASP Web Security Testing Guide (WSTG), covering key areas such as authentication, access control, and input validation.
Methodology
Penetration Testing Execution Standard - an innovative penetration testing methodology being developed by the group of world leading penetration testing, security audit, and social engineering professionals.
OWASP Web Security Testing Guide - a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers all over the world.
OWASP Threat Modelling Process - a structured guide to application threat modeling that enables teams to identify, quantify, and address the security risks associated with an application.
OWASP Mobile Application Security Testing Guide - a comprehensive guide to testing the security of Android and iOS applications. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers all over the world.
Issue Date
April 30, 2025
Expiration Date
April 30, 2026
Security checks
OWASP WSTG categories
✔️ Information Gathering
✔️ Configuration Testing
✔�️ Identity Management Testing
✔️ Authentication Testing
✔️ Authorization Testing
✔️ Session Management Testing
✔️ Input Validation Testing
✔️ Error Handling
✔️ Cryptography
✔️ Business Logic Testing
✔️ Client Side Testing
✔️ API Testing
OWASP MASTG categories
✔️ Storage
✔️ Crypto
✔️ Auth
✔️ Network
✔️ Platform
✔️ Code
✔️ Resilience
* ✔️ status means no critical high vulnerabilities associated with the category.