Successful completion of a comprehensive whitebox penetration testing exercise
This badge was issued to
Function Health
Sekurno successfully performed a comprehensive white-box penetration test for Function Health Web & Mobile applications (Android/iOS), thoroughly assessing both API endpoints and cloud infrastructure. The results highlight Function Health's strong commitment to maintaining a robust security posture and proactively addressing cybersecurity risks.
Earning Criteria
No Critical or High-Level Vulnerabilities
No vulnerabilities were identified with critical or high severity levels, or they have been successfully remediated or mitigated.
No Active or Exploitable Threats
Final validation confirmed the absence of any active or exploitable threats, ensuring the system was secure at the time of testing.
OWASP WSTG/MASTG Compliance Score > 90%
The system demonstrated strong security hygiene by scoring over 90% against the OWASP Web/Mobile Security Testing Guide (WSTG/MASTG), covering key areas such as authentication, access control, and input validation.
Methodology
Penetration Testing Execution Standard - an innovative penetration testing methodology being developed by the group of world leading penetration testing, security audit, and social engineering professionals.
OWASP Web Security Testing Guide - a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers all over the world.
OWASP Mobile Application Security Testing Guide (MASTG) - is a comprehensive manual for mobile app security testing and reverse engineering.
OWASP Top 10 LLM - a community-driven standard for identifying and mitigating the most significant security risks in LLM-powered systems.
OWASP Threat Modelling Process - a structured guide to application threat modeling that enables teams to identify, quantify, and address the security risks associated with an application.
Issue Date
December 22, 2025
Expiration Date
December 22, 2026
Security checks
OWASP WSTG categories
✔️ Information Gathering
✔️ Configuration Testing
✔️ Identity Management Testing
✔️ Authentication Testing
✔️ Authorization Testing
✔️ Session Management Testing
✔️ Input Validation Testing
✔️ Error Handling
✔️ Cryptography
✔️ Business Logic Testing
✔️ Client Side Testing
✔️ API Testing
OWASP MASTG categories
✔️ Storage
✔️ Crypto
✔️ Auth
✔️ Network
✔️ Platform
✔️ Code
✔️ Resilience
* ✔️ status means no critical high vulnerabilities associated with the category.