Successful completion of a comprehensive whitebox penetration testing exercise
This badge was issued to
KOBIL GmbH
Sekurno successfully performed a comprehensive gray-box penetration test for KOBIL Shift Platform, Mobile apps (Android/iOS) and SSMS management service, thoroughly assessing both API endpoints and cloud infrastructure. The results highlight KOBIL’s strong commitment to maintaining a robust security posture and proactively addressing cybersecurity risks.
Earning Criteria
No Critical or High-Level Vulnerabilities
No vulnerabilities were identified with critical or high severity levels, or they have been successfully remediated or mitigated.
No Active or Exploitable Threats
Final validation confirmed the absence of any active or exploitable threats, ensuring the system was secure at the time of testing.
OWASP WSTG/MASTG Compliance Score > 90%
The system demonstrated strong security hygiene by scoring over 90% against the OWASP Web/Mobile Security Testing Guide (WSTG/MASTG), covering key areas such as authentication, access control, and input validation.
Methodology
Penetration Testing Execution Standard - an innovative penetration testing methodology being developed by the group of world leading penetration testing, security audit, and social engineering professionals.
OWASP Web Security Testing Guide - a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers all over the world.
OWASP Threat Modelling Process - a structured guide to application threat modeling that enables teams to identify, quantify, and address the security risks associated with an application.
OWASP Mobile Application Security Testing Guide (MASTG) - is a comprehensive manual for mobile app security testing and reverse engineering.
Issue Date
May 5, 2026
Expiration Date
May 5, 2027
Security checks
OWASP WSTG categories
✔️ Information Gathering
✔️ Configuration Testing
✔️ Identity Management Testing
✔️ Authentication Testing
✔️ Authorization Testing
✔️ Session Management Testing
✔️ Input Validation Testing
✔️ Error Handling
✔️ Cryptography
✔️ Business Logic Testing
✔️ Client Side Testing
✔️ API Testing
OWASP MASTG categories
✔️ Storage
✔️ Crypto
✔️ Auth
✔️ Network
✔️ Platform
✔️ Code
✔️ Resilience
* ✔️ status means no critical high vulnerabilities associated with the category.