LISTA PH'S COMMITMENT TO CYBERSECURITY WITH SECUNA

Introducing LISTA PH
Empowering a thriving community of over 1 million users to achieve their financial aspirations, Lista has transformed the Filipino landscape of financial management since its grand debut in November 2021. With its easy-to-use financial tools, Lista has streamlined the process of managing money, making it effortlessly accessible and seamless for individuals to navigate their financial journeys.

As Lista continues to expand their community and introduce loads of fun features to bring more practical and positive benefits to their users' daily lives, the commitment to protecting their users' data and privacy from digital threats also become their top priority. Recognizing the importance of the trust placed in them by their user base, Lista has teamed up with Secuna. This collaboration involves routine checks and comprehensive testing to ensure that their application, from the main products down to their backend services, is safe and secure.

Changing the Game of Managing Finances
In an era marked by digital transformation, a shift further accelerated by the COVID-19 pandemic, consumers have significantly gravitated towards online channels. In response, companies and industries have swiftly adapted to this changing landscape.

Notably in the Philippines, a prominent shift has been observed in digital payments, with Filipinos increasingly embracing cashless transactions through mobile wallets or card-based payments. Concurrently, organizations, spanning from SMEs to large enterprises, are continuously and proactively seeking ways to align with and adapt to this ongoing digital transformation.

This shift in both individual and organizational behavior presented a great opportunity for Lista to pursue its mission of helping Filipinos keep their finances in check through their handy mobile application. From budgeting and expense tracking to setting and reaching your own financial goals, Lista has become one of the leading apps on financial management in the Philippines.

Listing Cybersecurity Promises
Lista, being committed to guaranteeing the protection and privacy of their users’ data, seeks to deliver this promise by overcoming the following challenges:

• Let users’ data be constantly protected from security vulnerabilities
• Introduce new features consistently while keeping the app also consistently secured
• Secure their infrastructure as they continue to scale, preventing any hiccups that could cause any trouble
• Test API resources thoroughly to ensure that there are no broken authentication or security vulnerabilities introduced to their system
• Achieve regulatory compliance with partners by presenting security testing results

Why Secuna?
Secuna, as a community-powered cybersecurity testing platform, is well known for their collaborative approach in conducting security testing.

From the initial engagement, Lista expected that Secuna’s team of skilled and seasoned penetration testers would provide high-quality and detailed reports — and they successfully delivered. In addition, being able to directly communicate with the penetration testers and discuss remediation recommendations made the process of fixing vulnerabilities on their end more seamless. This level of expertise and professionalism has not only drawn Lista back for not just one or two, but three successful collaborations in 2023 alone — and they are looking forward to teaming up again in future engagements.

Continuously Elevating Cybersecurity Standards
Lista engaged in several collaborative efforts with Secuna, initiating a comprehensive penetration testing for the entire system of their Android and iOS mobile applications during their first engagement. Subsequently, upon the introduction of new features such as Budget Buddy, OCR, and the KYC process, a targeted round of testing was conducted to assess the security of these specific modules. Lastly, Lista took a proactive stance in enhancing its security posture by extending the assessment to include the security evaluation of their AWS cloud infrastructure in their latest engagement in 2023.

The collaboration highlights the following actions:

• The penetration testing for Lista’s mobile applications was done based on frameworks like OWASP MSTG/MASVS and OWASP Top 10 API Vulnerabilities.
• Secuna’s own penetration testing methodologies along with other cloud exploitation frameworks were applied for Lista’s cloud asset.
• Detailed reports were provided in real-time in the Secuna platform, prompting immediate action on the most important items, over the course of each engagement.
• Agile and highly collaborative remediation approach was utilized through the Secuna platform.
• Secuna provided unlimited retesting for 1 month for each engagement to properly verify the effectiveness of the fixes applied by Lista on the discovered vulnerabilities.

And these actions yielded the following outcomes:

• The Secuna team, on average, submitted the first vulnerability report within 4.5 days from the start of engagement.
• The Lista team successfully fixed a total of 24 security vulnerabilities identified by the Secuna team.
• Among the identified vulnerabilities, six (6) were rated from High to Critical by the Secuna team based on the industry-standard scoring system CVSS 3.1.
• The Lista team demonstrated a commendable response time, averaging 34.5 days to remediate the first valid report submission.
• The Lista team showcased an impressive average remediation time of 34.5 days.
• During the retesting phase, only 25% of the applied fixes were reopened, highlighting Lista team’s ability to deliver immediate and effective remediation.

Making a Difference
As Secuna and Lista continue to work together, the latter has now adopted multiple security practices to enhance the protection of their assets and users’ data.

Lista indicated that they have incorporated and followed Secuna’s recommendations to boost their security — this includes readying tools for automating code scans to check for vulnerabilities and improve code quality.

Moreover, along with applying specific practices on their own, Lista also stated the importance of having the security of their products and services regularly tested by an organization that they trust, which has been Secuna for over a year and counting.

As a company that extends their commitment to cybersecurity to everyone, here’s a piece of advice Lista has for other organizations that are considering getting penetration testing services,

“Don’t compromise on cybersecurity, as even minor vulnerabilities can significantly impact your organization. Collaborate with seasoned partners like Secuna to assess the security of your products, services, and infrastructure.”

Are you ready to secure your platform? Collaborate with Secuna now!