Stand a chance to win a gaming chair worth USD$400 from the award-winning company Secretlab!
logo

EN

Products +

Services +

Customers +

Partners +

Resources +

DANA Keeps Mobile App Compliant With Financial Regulations Using Horangi Pentest

DANA is a Fintech company focused on delivering inclusive financial services (payment) in Indonesia, on a mission to build a cashless society in Indonesia, enabling secure, scalable, and seamless transactions. To meet stringent financial regulations required by important partners such as Bank Indonesia, DANA engaged Horangi to conduct a black box Mobile App Penetration Test.

Summary:

  • DANA required a pentest to meet compliance requirements on its new software releases
  • Horangi conducted a black box Penetration Test on the DANA mobile app that serves as a user's digital wallet
  • DANA successfully met its regulator's requirements and can now safely push the new features to deliver a better and more seamless customer experience 

“Good pentesters are like diamonds. Horangi's consultants proved to be exceptional at the job, delivering a professional engagement and a detailed report that enabled my team to meet the compliance objectives efficiently."

— Yustin Anggraeni, IT Audit Manager

The Business Challenge

Evolving financial regulations in Indonesia increase the importance for financial service organizations such as DANA to continuously assess their security posture and ensure it stays protected against the newest cyber threats and attack vectors. After all, DANA regularly releases new features and it is mandated that every major release should be accompanied with a supporting pentest report. Along with the need to comply with regulations, DANA recognizes the need to work with an established security partner to reap the efficiency and scalability rewards from a long-term collaboration. 

Why Horangi?

DANA had worked with other security vendors in the past, and is always looking to find great partners. DANA IT Audit Manager Yustin Anggraeni heard about Horangi through a common contact, for whom Horangi had done a similar service. Hearing the good things the contact had to say about Horangi gave Yustin the confidence to engage Horangi for the job. 

The Engagement: Mobile App Pentest

Horangi conducted a black box penetration test on the DANA mobile app, on both the frontend and backend environments. The DANA mobile app acts as a customer's digital wallet, syncing with a customer's bank cards, allowing users to do cash top ups, withdrawals, and also pay approved third party merchants. Through the project, Horangi consultants applied the company's methodology to identify and test critical app vulnerabilities according to the scope. All of this resulted in a standard report and formal presentation with recommendations for the DANA security team to work on.

The Results: Stronger Security For The Customer

Horangi's penetration test enabled DANA to meet its business objectives of having its newest features approved by Bank Indonesia and other regulators. Yustin is highly impressed at the job done by Horangi, confident that the mobile app is now resilient against the most likely attack vectors. As such, the team has the peace of mind to release the features to their customers, helping to improve the user experience while staying secure according to best practices.

Horangi's consultants demonstrated a strong grasp of cybersecurity knowledge and cutting-edge security testing skills in aspects including bypassing SSL pinning with ease. "Good pentesters are like diamonds. Horangi's consultants proved to be exceptional at the job, delivering a professional engagement and a detailed report that enabled my team to meet the compliance objectives efficiently." said Yustin. "The security community in Indonesia is tight-knit, and our team is aware of which companies hire good pentesters. It is this that reaffirms my trust in Horangi and why they will be a strong fit for any company looking for a full-service and comprehensive penetration test."

Horangi is proud to continue serving DANA on its mission to build a cashless society in Indonesia, delivering top-quality financial services to anyone in society with a mobile phone.