We are conducting a security assessment for a new BankID login flow for our mobile app.

The assessment will focus on identifying potential security threats, including:

• General security vulnerabilities, design flaws, and lack of best practices for APIs, authentication, and OAuth/OpenID flows.
• Session reuse issues
• Problems arising from insufficient transactional integrity in the login flow

Please note that the scope of the assessment is limited to the part of the code associated with this login flow in the mobile app, along with the related APIs and logic. The rest of the mobile app is not included in this assessment.

The ideal candidate should possess a deep understanding of OpenID Connect/OAuth and have experience in penetration testing and security assessments of similar implementations. We will provide testing environments, system schematics, and access to the source code.

Testing can be conducted remotely, but access requires an xx laptop, and initial setup is preferably done at our office in Stockholm. The suggested duration for the assessment, including reporting, is approximately 8 days.

About Rasulson Consulting

Rasulson Consulting is a specialized staffing and recruitment firm focused on the IT sector. We collaborate with leading tech companies and innovative startups to provide exciting career opportunities for individuals passionate about digital development. With our deep technical expertise and extensive network, we efficiently match the right talents with the right assignments. At Rasulson Consulting, you’ll receive personalized guidance, regular feedback, and the chance to take the next step in your IT career.