Tiko Penetration Test At Triggerise

Introduction/background of Tiko

Tiko Africa is an organisation that uses its digital platform called Tiko to motivate users – primarily young women and adolescent girls – to make positive choices. We use nudges like reminders, discounts, in person and digital follow-ups, and reward points to encourage our users to access and use healthy products and services. We also support them in becoming entrepreneurs and adding value to their economies. Tiko Africa’s reward points can be used to redeem products and services at local shops, or as subsidies to cover the cost of sexual and reproductive health (SRH) services, removing the cost to access for the users, who are primarily 15-24 year old adolescent girls and young women (AGYW).

Tiko Africa has operations in the following countries either by having offices or by working through local partners in Kenya, Uganda, Ethiopia, Burkina Faso and South Africa.

Tiko Africa is sourcing for consulting services from a recognised company to perform penetration testing on our systems. The report generated from the test results identify system flaws and highlight the steps that need to be taken to address them. The consultancy will advise on penetration testing methodologies, process and phases, this should be included in the proposal

Scope of work

The scope of the penetration test will include a comprehensive assessment of the Tiko platform:

• Testing of mobile applications (Android).
• Assessment of web-based interfaces and APIs.
• Evaluation of backend services, databases, and server infrastructure.
• Exclusion of physical security assessments or social engineering attacks.
• Testing to be conducted on staging environments to minimise impact on production systems.

The penetration testing should follow a combination of automated scanning tools and manual testing procedures. Testing methodologies will align with OWASP standards, focusing on common vulnerabilities such as injection flaws, authentication bypass, and insecure data storage.

.

Deliverables

The following to be presented in a report;

1. Comprehensive vulnerability assessment report
2. Executive summary highlighting critical findings and recommendations
3. Technical report detailing identified vulnerabilities, severity levels, and remediation steps
4. Failed and successful hacking methods.
5. Post-engagement support for addressing any queries or concerns

Evaluation criteria

Proposals will be evaluated in two parts. The experience, technical proposal and financial quotation shall bear 70% of the total marks while the references and financial capacity shall bear 30% of the total marks.

• Proposals should make clear about the relevant skills, experience and capacity of the participant, in respect of this particular RFP.
• Proposals must contain the details of the proposed approach to be adopted in order to deliver the service in accordance with the RFP.
• Proposals should clearly indicate whether or not bid participants have the capacity to meet the requirements of the RFP.
• Proposal should clearly indicate compliance with the appropriate data protection, privacy, legal, social, tax and ethical issues applicable to the country

Description

1.Experience, Skills and Ability

• Past experience in similar work of this nature.
• Team member experience (accompanied by brief CV’s).
• Ability of the bidder to fulfil Tiko Africa’s requirements

Weight: 30

2.Technical Approach and Execution Plan

• Proposals must contain the details of the proposed approach to be adopted in order to deliver the service in accordance with the RFP.

Weight: 40

3.Financial quotation

• Proposals should include a detailed cost breakdown of proposed budget

Weight: 15

4.References

• Did the bidder submit at least three relevant and contactable clients that were serviced in the past 36 months.

Weight: 15

Totals weight: 100