The Client
Fels Group GmbH operates FollowMyMoney.de, a digital investment platform that offers asset management and expert guidance for private capital allocation. The company is committed to ensuring a high level of trust and security for its users.
The Challenge
Fels Group GmbH commissioned TestArmy to conduct penetration testing for the web-based platform FollowMyMoney.de, as well as its mobile applications for Android and iOS. Given that the system processes sensitive financial information, including credit card data, security assurance was critical.
Additionally, the project included a compliance audit of the client’s internal testing processes against the strict cybersecurity guidelines of BaFin – the German Federal Financial Supervisory Authority.
The goal was to detect and eliminate vulnerabilities while ensuring full regulatory alignment with financial sector standards in Germany.
Our Approach
The security assessment was a structured and controlled penetration test designed to uncover weaknesses in the client’s infrastructure and recommend improvements to its overall cybersecurity posture.
Our scope included:
- API penetration testing
- Web application penetration testing
- Mobile app security testing (Android & iOS)
- Firewall configuration review
- Automated vulnerability scans
- Manual security testing
- Access control and role verification
Each identified vulnerability was documented in a comprehensive cybersecurity report with remediation recommendations, categorized by risk level and potential impact.
Results
Within just 7 days, a team of 4 experienced TestArmy ethical hackers delivered the full audit, significantly improving the security landscape of the client’s digital ecosystem.
- Critical vulnerabilities were identified and mitigated, strengthening the client’s web and mobile security.
- All tests followed OWASP ASVS v4.0 methodology to ensure industry best practices.
- Re-tests confirmed that key issues had been successfully resolved.
- The BaFin compliance review allowed the client to align its internal procedures with current German financial regulations.
This proactive approach helped Fels Group GmbH not only protect sensitive user data but also gain confidence in its regulatory readiness.