Back

USAID – Application Vulnerability and Risk Assessment 

Contractor Name, CAGE Code, DUNS

De Lune Corp.
Cage: 7WU37
DUNS: 080517374

Contracting Activity

Government Contracting

Del. Schedule-Start/Completion Date

August 2022 – January 2023

Contract Description

Vulnerability and risk assessment on a system developed by USAID to disseminate agricultural knowledge and technology to farmers

Specific Experience

Moodle Cloud Platform:
Conducted Vulnerability Analysis on Moodle Cloud Platform.

  • Reviewed the current configurations of LMS (Moodle) against leading practices such as NIST 800-53, MITRE, OWASP etc
  • Conducted Third Party Risk Assessments on Moodle Cloud Platform.
  • Presented the evidence to the stakeholders and developed risk-based recommendations

     Android Application Analysis:

  • Phase One:
    Reviewed the android application as an end-user.
    Identified and executed relevant attack techniques/vectors that an adversary can leverage
    Reversed engineered the APK application and analyzed API-based vulnerabilities.
    Developed risk-based recommendations for hosted cloud applications and the android application.
    Conducted API network traffic-based analysis and identified application vulnerabilities. 
    Presented the evidence to the stakeholders and developed risk-based recommendations
  • Phase Two: 
    Reviewed the android application Source Code as developer. 
    Identified the attack vectors that can be leveraged for exploitation.
    Conducted Back-End and Front-End application source code static analysis.
    Documented and generate reports for identified Vulnerabilities, Security Hotpots,  Bug Fixes and Misconfigurations
    Developed risk-based recommendations and secure codes