This report documents a penetration test against the NewsPal Media application and its connected entities.
With regard to the approach and scope, this assessment aimed at tackling the mobile NewsPal Media application, which effectively expanded the coverage to the API server employed by the app and its connected website. The Cure53 testers had access to source code for all of the mentioned instances. Furthermore, an operational staging server was made available to facilitate the tests, while an additional advantage was granted in the form of a single user-account provided by the Client.
The full report and a summary of findings can be found below.