Penetration Testing

Security assessment for mobile healthcare platform with cloud infrastructure.

Country: Australia

Client Industry: Healthcare Technology

Background

XEye Security was commissioned by an Australian healthcare provider to perform a penetration test and issue a formal security attestation for their mobile and cloud-based application. The platform, used in aged care and clinical environments, leverages Firebase backend infrastructure hosted on Google Cloud. With patient trust and regulatory compliance on the line, the client needed a rapid, thorough security evaluation aligned with OWASP standards and ASD Essential Eight guidelines.

Challenges

1. Weak Firestore security rules exposing sensitive data pathways

2. Mobile endpoints lacked sufficient encryption controls

3. Authentication flow allowed brute-force attempts due to rate-limiting misconfiguration

4. API routes lacked token validation across critical user actions

Solution

1. Hardened Firebase configuration with strict access and audit policies

2. Secured mobile app interfaces using encrypted session handling

3. Implemented tokenized API gateways with validation and timeout protocols

4. Delivered white-box testing artifacts and full attestation report
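To illustrate the first challenge and its remediation (weak Firestore rules exposing patient data, hardened with strict access policies), the following is an added example written for this page; it is not the client's ruleset and XEye did not publish their rules. The collection name `patients`, the `clinician` role carried as a custom auth claim, and the field list are assumptions chosen for illustration.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Weak pattern (assumed, for contrast): any request, authenticated or not,
    // may read and write every patient record. Rules like this are what
    // "sensitive data pathways" looks like in practice.
    //
    //   match /patients/{patientId} {
    //     allow read, write: if true;
    //   }

    // Hardened pattern: reusable predicates keep each rule readable and auditable.
    function isSignedIn() {
      return request.auth != null && request.auth.token.email_verified == true;
    }

    // A patient may only act on their own document (uid doubles as document id; assumption).
    function isOwner(patientId) {
      return isSignedIn() && request.auth.uid == patientId;
    }

    // Staff role is a custom claim set server-side, never a field the client can write.
    function isClinician() {
      return isSignedIn() && request.auth.token.role == 'clinician';
    }

    // Only the expected fields may be written; blocks smuggling of extra attributes.
    function hasAllowedFields() {
      return request.resource.data.keys().hasOnly(
        ['fullName', 'dateOfBirth', 'careNotes', 'updatedAt', 'updatedBy']);
    }

    // The writer must record their own uid, giving the audit trail a trustworthy author.
    function stampsAuthor() {
      return request.resource.data.updatedBy == request.auth.uid;
    }

    match /patients/{patientId} {
      allow read: if isOwner(patientId) || isClinician();
      allow create, update: if isClinician() && hasAllowedFields() && stampsAuthor();
      allow delete: if false;   // deletion only via a privileged backend, not from clients
    }

    // Default deny: anything not matched above is unreachable from client SDKs.
    match /{document=**} {
      allow read, write: if false;
    }
  }
}
```

The ruleset is written so that every path resolves to an explicit decision: the catch-all `match /{document=**}` at the end denies whatever earlier rules do not grant, and write rules pin both the field set and the author, which is what makes the database side of an audit policy verifiable rather than advisory.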

Results

1. Platform security validated for aged-care compliance standards

2. Critical vulnerabilities remediated within 72 hours

3. Formal attestation issued for client stakeholders and auditors

4. Ongoing security partnership established for quarterly assessments
