Meet Roger

Meet Roger provides a unified internal communication platform designed to replace fragmented tools with a single, streamlined solution. With both web and mobile applications in scope, the platform handles sensitive internal company communications and user data.

The inclusion of a mobile application introduced additional attack surfaces, particularly around:

• Push notification handling
• Session management across devices
• Authentication and authorization logic
• Access control enforcement

Meet Roger required structured penetration testing to validate security maturity and provide documented assurance to enterprise clients.

Cyrex conducted comprehensive grey box penetration testing across both the web and mobile environments.

This approach combined architectural insight with realistic attack simulation to evaluate exposed services and internal logic.

Our engagement included testing of:

• Authentication and session management workflows
• Information disclosure risks
• Access control flaws
• Denial-of-service (DoS) protection mechanisms
• Business logic vulnerabilities

Special attention was given to mobile-specific considerations, including push notification handling and session persistence across devices.

Cyrex identified multiple vulnerabilities, several considered critical by the Meet Roger team.

We delivered:

• A comprehensive and clearly structured security report
• Risk-based prioritization of findings
• Actionable remediation guidance aligned with best practices

After patches were applied, Cyrex performed full sanity and regression testing to confirm that vulnerabilities were resolved and no new weaknesses were introduced.