MarketWolf Securities Private Limited is a prominent trading platform, catering to 1.7M+ users, offering an engaging and fast trading experience. Being a SEBI-registered trading company, compliance with regulatory directives, particularly regarding cybersecurity, is paramount. Following the SEBI Circular SEBI/HO/ITD_VAPT/P/CIR/2023/033, MarketWolf identified the need to strengthen its cybersecurity infrastructure, particularly focusing on SOC solutions with SIEM and SOAR capabilities, as well as conducting quarterly audits and VAPT assessments. To ensure compliance with SEBI regulations and enhance its cybersecurity posture, MarketWolf partnered with Threatsys, a trusted cybersecurity firm specializing in SOC solutions and compliance services along with cyber security testing services. Through its flagship product CYQER, Threatsys offers comprehensive SOC as a Service, providing MarketWolf with advanced real-time 24×7 threat detection and monitoring, incident response, and regulatory compliance capabilities with FIM, SOAR, UEBA, etc.

MarketWolf faced the challenge of ensuring robust cybersecurity measures to safeguard its users’ data, financial transactions, and overall infrastructure. Compliance with SEBI regulations necessitated a comprehensive approach to cybersecurity, including the implementation of SOC solutions, conducting regular audits and assessments, and ensuring data localization.

The scope of the collaboration between MarketWolf and Threatsys extended beyond mere compliance to proactive cybersecurity measures. It included:

• Cyber Security as a Service (CSaaS): Threatsys delivers CSaaS through CYQER, offering MarketWolf round-the-clock monitoring, threat intelligence analysis, and incident response capabilities. This comprehensive approach enhances MarketWolf’s cybersecurity posture and enables proactive threat management.
• SEBI Compliance Audit: Conduct audits aligned with SEBI regulations, including VAPT assessments, system audits, and data localization audits, to ensure adherence to regulatory requirements.
• Collaborative Partnership:  Threatsys and MarketWolf establish a collaborative partnership aimed at long-term cyber resilience. By sharing expertise, knowledge, and best practices, both parties work together to address emerging cybersecurity threats and stay ahead of regulatory changes.
• SOC as a Service: Providing SOC solutions encompassing SIEM and SOAR capabilities, offering real-time monitoring, threat detection, and incident response services to proactively mitigate cybersecurity risks.
• CERT-in Cybersecurity Audit and ISO 27001 Compliance: Conduct regular CERT-in cybersecurity audits to assess the effectiveness of existing controls, identify potential weaknesses, and implement remediation measures. Conducted ISO 27001:2022 ISMS Compliance and issued the Certification from UAF Accrediation with our certification body.
• DLP Solutions: Implementing DLP solutions to prevent unauthorized data exfiltration, ensuring the confidentiality and integrity of sensitive information.

Securing 1.7M Users of MarketWolf and Protecting MarketWolf with CYQER and our efficent vCISO Services: CYQER’s holistic cybersecurity approach, encompassing SOC solutions, compliance audits, and DLP measures, played a pivotal role in safeguarding MarketWolf’s users and infrastructure. Through proactive threat management, regulatory compliance, and ongoing collaboration, MarketWolf and CYQER demonstrated their commitment to cybersecurity excellence, setting a benchmark for the industry and ensuring a secure trading experience for millions of users.

Mr. Deepak Kumar Nath serves as the virtual Chief Information Security Officer (vCISO) for Marketwolf. His role encompassed developing robust security strategies, conducting risk assessments, ensuring compliance with industry regulations, and protecting digital assets against cyber threats.

The collaboration between MarketWolf Securities Private Limited and Threatsys yielded tangible results:

• Enhanced Cybersecurity Posture with Cyber Security Testing : MarketWolf strengthened its cybersecurity defenses, mitigating risks, and vulnerabilities identified through comprehensive assessments and audits.
• SEBI Compliance with Security Audit and it’s Review : MarketWolf achieved full compliance with SEBI regulations, thanks to CYQER’s expertise in conducting audits, implementing controls, and facilitating regulatory adherence.
• Long-Term Cyber Resilience with SOC Solutions: The strategic partnership between MarketWolf and CYQER laid the foundation for long-term cyber resilience, enabling proactive threat management, continuous improvement, and adaptation to evolving cybersecurity challenges.
• Improved User Trust with Regular Monitoring and Security Updates: By prioritizing cybersecurity and regulatory compliance, MarketWolf reinforced user trust, assuring its 1.7M+ users of a safe, secure, and compliant trading environment.

In conclusion, the collaboration between MarketWolf Securities Private Limited and Threatsys, powered by CYQER and its Cyber Security as a Service, represents a significant milestone in bolstering cybersecurity measures and ensuring SEBI compliance in India. By leveraging Threatsys’ expertise and CYQER’s advanced capabilities, MarketWolf successfully navigated the SEBI CERT-IN Cyber Security Audit process in bhubaneswar, demonstrating adherence to regulatory standards and commitment to user protection.

The implementation of SOC as a Service provided round-the-clock security monitoring and incident response capabilities, enabling proactive threat detection and mitigation. Additionally, the deployment of DLP solutions further fortified MarketWolf’s defenses, safeguarding sensitive data from unauthorized access and ensuring compliance with SEBI regulations.

Through comprehensive cybersecurity audits, including VAPT assessments and application security evaluations, MarketWolf proactively addressed vulnerabilities and enhanced its resilience against cyber threats. Furthermore, CYQER’s focus on mobile app security ensured the integrity and safety of MarketWolf’s trading platform across various endpoints.

In essence, the partnership between MarketWolf and Threatsys, supported by CYQER, exemplifies a proactive approach to cybersecurity, driving continuous improvement, regulatory compliance, and user trust. As the landscape of cyber threats continues to evolve, MarketWolf remains well-equipped to navigate the dynamic challenges of cybersecurity in the financial industry, safeguarding its operations and protecting the interests of its 1.7M+ users.

Food, Supplies and Consumer Welfare Department is a composite Department with the status of both Secretariat and Directorate. Hon’ble Minister, F.S. & C.W. is Minister in charge of the Department. Food, Supplies and Consumer Welfare Department, Government of Odisha created the 4 pillar systems i.e PDS System, Directorate of Legal Metrology, Grievance Redressal System, Food Odisha Portal.

PDS ( Public Distribution System ) Welfare Scheme, The system identifies & categories the weaker section of the population as targeted beneficiaries under various schemes. They receive ration cards from the government to claim their entitlements in the form of specific quantities of essential commodities from the retail outlets every month. The significance of PDS lies in its effort to distribute food grains equitably, & at a fairly low price to the poor of the society. Rice, Levy Sugar and APL Wheat are distributed through public distribution system

Directorate of Legal Metrology, The Legal Metrology wing of the state of Odisha is functioning at the Directorate of Legal Metrology under the Food, supplies & Consumer Welfare Department of Government Headed by a senior most administrative officer designated as Controller of Legal Metrology. All the consumers generally purchase the goods either in Weight or in volume or in length or in numbers etc and the responsibility has been cast upon this organization to ensure that the consumer gets the correct quantity whether it is in Weight, in volume, in length or in numbers for which he has paid the money to the consumer. The Department is engaged in regulating use of correct weighing and measuring instruments in production, trade and commerce to ensure that exact weight, measure and number of any commodity is provided to any customer as contracted for, or paid for by him. It also safeguards consumers’ interest by ensuring mandatory declarations on packaged commodities.

Grievance Redressal System, primarily covers the receipt and processing of complaints from citizens and consumers, a wider definition includes actions taken on any issue raised by them to avail services more effectively for Ration Card under Food, Supplies and Consumer Welfare Department.

Food Odisha Portal, that consists of Transparency Portal with PDS Depots and FPS Delaer and Procurement Societies and Registration. One Portal that managed all Ration Card Management with Farmer Registration, Verified Famer, Procurement Status under PPAS, Farmerwise Payment Status, Societies Engaged, Dealer List, Stock Management, Dealer List and all.

The Food Supplies and Consumer Welfare (FSCW) Department of the Government of Odisha is responsible for managing critical information related to food supplies and consumer welfare, including the Public Distribution System (PDS) welfare scheme, which benefits a large number of citizens. The PDS scheme deals with sensitive information that pertains to the management of ration cards for 2.5 crore citizens under the One Nation One Card initiative. Given the high level of sensitivity of this information, accessing and testing it can be challenging, as it requires the maintenance of strict confidentiality measures.

To address this challenge, the FSCW Odisha has developed four major applications, including the Directorate of Legal Metrology, Grievance Redressal System, Ration Card Management System, and the FSCW PDS Application, each of which must be tested separately to ensure that they meet the necessary security requirements by Threatsys Technologies, The Leading Cyber Security Testing Service Provider in Odisha, India. The primary objective of this testing is to perform a penetration testing and cybersecurity audit on all modules, in accordance with the CERT-in Security Guidelines and other security frameworks such as the OWASP Top 10 and SANS Top 25 Vulnerabilities.

The primary focus of this web application security testing is to ensure the integrity and confidentiality of the data and application, enabling all online citizen services provided by the Government of Odisha to be securely managed throughout the state. Given that the portal deals with different levels of privileges, it is crucial to thoroughly check the permission-based access controls within different user access controls for each of the applications. By doing so, the FSCW Odisha can ensure that its applications are secure, safeguarding sensitive information, and providing reliable and secure services to the citizens of Odisha.

Threatsys, the well-known CERT-IN Cyber Security company of India, has appointed eight security researchers under the Project and Delivery Manager. In order to gain a better understanding of the application, the team thoroughly studied the workflow of the four modules before conducting any security testing. The testing was carried out on a host that was hosted on the staging server, using a variety of commercial cyber security tools, including Burp Suite, IBM App Scan, WhiteHat DAST, Veracode, Acunetix, Intruder, Netsparker, HCL Appscan, Qualsys Web Apps Scanner, OWASP Zap, SAINT, and Tenable.

During the manual testing phase, the team engaged in both black box and white box testing and identified significant security issues in the four applications managed by the Food Supplies and Consumer Welfare (FSCW) Department of the Government of Odisha. One of the applications was found to be vulnerable to Account Takeover due to a misconfiguration, which enabled the team to tamper with the victim’s email and redirect the reset link to the attacker’s email address. To remedy this issue, the team recommended implementing server-side validation of emails sent in response to a request, in order to verify whether they belonged to the requested user or not. With the coordination of the development team, this issue was resolved by adding server-side validation and removing the email parameter from the request.

The team also discovered multiple privilege escalation issues due to the lack of access controls in API requests. As a result, low-end users were able to access admin functionalities, compromising the system’s security. In addition, several other bugs were discovered and reported to the developers with detailed reports on their impact, evidence, and remediation strategies. The team worked closely with the developers to ensure they had a clear understanding of the issues and could address them promptly.

Overall, the team identified more than 35 bugs across all the portals of FSCW, including six critical and 13 high-level vulnerabilities. All projects were delivered and retested within the set deadline, with the development team taking three weeks to fix all the raised security gaps. Threatsys remains committed to ensuring the integrity and confidentiality of the data and applications it works on, helping to safeguard sensitive information and online citizen services managed by the Government of Odisha.

Threatsys has successfully completed the cyber security testing and CERT-IN Security audit project with the utmost diligence and professionalism. The company provided Initial Version 1 and Final Version 2 Reports with the appropriate support on time, and according to the proper security implementation, which has helped to issue the CERT-In VAPT certificate for all four modules of the Food, Supplies and Consumer Welfare Department, Odisha Government

All the modules of Food, Supplies and Consumer Welfare Departments are hosted in the state data centre, ensuring the highest level of security and reliability. The successful completion of the project means that citizens of Odisha can now use the Ration Card Management, PDS System, and Grievance System applications securely. These applications are now well-protected against external threats, and the highly sensitive data they process, store, and fetch are done so flawlessly. Threatsys is the No.1 Cyber Security Testing Company in bhubaneshwar that protects the data of all the citizens of Odisha and responsible for their security, integrity and privacy.

The Krushak Portal Application for Livelihood and Income Augmentation initiative was launched in India on 21 December, 2018 by Department of Agriculture & Farmers’ Empowerment, Government of Odisha . This initiative is launched by Mr. Naveen Patnaik, the chief minister of Odisha for the people of odisha those who live in Odisha permanently.

The Krushak Application program’s main goal is to provide positive outcomes for farmers who are drowning in debt. The only people who qualify for benefits under this scheme are cultivators, farmers, croppers, and landless agricultural workers. Users can only utilise the services of the portal if they have registered. However, users must visit the official website and adhere to its instructions in order to achieve this. In accordance with this programme, agricultural workers without access to land will each get ₹10,000 which may be easily deposited into the account you have set aside for that purpose. Therefore, the scheme will offer two key benefits: financial aid and other debt transfers that are sent straight into their accounts. Total Beneficiares of Kalia Yojona or Krushak Portal is 76,80,611 and still counting.

Overall, Krushak Odisha is a crucial initiative of the Government of Odisha that aims to empower farmers and promote sustainable agriculture in the state.

Threatsys, The Leading Infosec Company of India, is assigned on cybersecurity testing and CERT-IN cybersecurity audit projects for Krushak Odisha and Kalia Yojana of the government web applications is complex and challenging process due to various factors.

The web portal of “Krushak Odisha” enrolled farmers include classified informations of the farmers, personal data, adhar card details, financial records, and other sensitive data. It is important to ensure that all data is securely stored and transmitted, which can add to the complexity of the project.  The Web Application needs full security protection with the Cyber Security Audit that can ensure the privacy, inegrity and security of all the farmers in the state.

For Threatsys every challanges are unique, and we know how to tackle it. For Krushak Odisha we have very limited tight timeframes. This is challenging, especially as the application is complex with large user base. Moreover, the time required for fixing the identified security vulnerabilities is often limited, making it difficult to ensure that all issues are addressed.

But Any challenges require careful planning, effective communication, and a thorough understanding of the application’s security requirements. Overcoming these challenges can be challenging but is crucial for Threatsys to ensuring that Krushak Odisha web application is remain secured and protected from cyber threats.

Threatsys Technologies, under the guidance of CEO Deepak Kumar Nath, introduced proper roadmap to finish the Whole Project within only 20 Days of timeline. Project Manager assigned three cyber security resources to work on this cyber security project that involved performing black box testing, white box testing, and an industry-centric checklist on a web application from the production URL of Krushak Odisha.

After testing, the Threatsys Red team identified several bugs in the application, categorized into critical, high, medium, and low based on their severity. Threatsys team preapred the Initial Version 1 Report, focused on providing developer-friendly reports with clear proof of concepts, including videos of POC with proper evidence to help developers easily understand and fix the security flaws. Threatsys Team indenfied more than 30+ Vulnerabilities where as more than 60% Bugs are critical and high severity based.

During the cyber security testing of a web application, a team can use various cybersecurity tools to identify and mitigate potential security vulnerabilities. By using a combination of Automation Testing and Manual Testing, Threatsys team was effectively identify and mitigate potential security vulnerabilities in a web application.

Threatsys provided each severity type with a specific time period under which the issue should be fixed. During this period, the company’s team frequently supported developers in fixing the identified issues quickly. After the fixes were completed, the team re-audited the application to ensure that the issues were fixed perfectly. Team delivered the Final Retest Version 2 Report after the remediation of all the vulnerabilities.

Overall, Threatsys Technologies introduced effective CERT-IN solutions for cyber security testing services in bhubaneswar, including providing clear reports with POC videos and supporting developers in fixing identified issues quickly.
This helped ensure that the web application was secure and protected from potential cyber threats.

Threatsys issued the CERT-IN Safe to Host Certificate, The Krushak Odisha is hosted into State Data center successfully. as it belongs to the farmers under Government of Odisha, so it is securely managed to authenticate with the Farmers across odisha for their registration process, flawless management of all the framing details. We are Happy that Threatsys is the Cyber Security Partner of Government of Odisha for protecting the sensitive information of one crore plus farmers of odisha.

Union Bank of Nigeria (UBN) is one of the oldest and largest commercial banks in Nigeria. The bank was founded in 1917 and has since grown to become a major player in the Nigerian banking industry. UBN provides a wide range of banking and financial services, including corporate banking, retail banking, and investment banking. The bank has a strong presence in Nigeria, with over 300 branches and ATMs nationwide. Union Bank also operates in other African countries like Ghana, Sierra Leone, The Gambia and Liberia. The bank has also built a notable reputation for its Corporate Social Responsibility initiatives and its support of the Nigerian economy.

Union Bank of Nigeria is a large banking organisation having complex functionalities with a diverse range of systems and networks. As it has a large user base processes , stores and uses user’s financial data, it should be safe from all kind of threats. Union Bank of Nigeria is subject to various laws and regulations that govern the banking sector. While testing we need to keep in mind about the laws as well. Except that the error percentage during the test should be zero, our major focus towards the unauthorised data leaks and financial losses that can harm the organisation

As this is a sensitive project dealing finance and banking services, we have followed our own security checklist specially designed for banking sectors along with other popular security frameworks like OWASP , SANS25, PCI DSS security Guidlines . At first we have gone through the workflow of that application to understand it better before doing any security testing there. Each and every test was done under a host hosted on the staging server. We have started the audit With a team of highly experienced penetration testers, we divide each memebr with separate modules for completing the project before the deadline. As per procedures we initiated an automation scan( using paid enterprise tools) against the target and found several low hanging bugs. During the time of manual testing , our team first engaged themselves with black box testing and found several bugs , but worth mentioning here, the application is vulnerable for dBlind Xss During one signup which was executing directly on the banking administrator portal , this leads to the total account takeover of the admin portal. Then during white box test, we found one malicious user can have access to all other user’s personal financial Information. In total we found several bugs from the portal.

The team now has all the required evidences , root causes and preventions for the bugs we have found. We made a detailed security report v1.0 and coordinated continuously with the team of developers for fixing out all the raised security issues. After few days we confirmed the raised issues to be addressed by the dev team and provided them the final 2.0 version.

Threatsys have completed the security testing on time successfully and the application code was updated with the fixed code in the live server . Now the portal is running securely and providing financial services to thousands of users flawlessly.

That means Threatsys is protecting the banking users of Nigeria and making the whole UBN secure enough.

e-Despatch is an online system for tracking and managing the movement of official documents in the Indian state of Odisha. It is designed to streamline the process of sending and receiving official documents between different departments and agencies within the state government. The system allows users to track the status of their documents in real-time, and provides features such as document scanning, digitization, and electronic signature. It aims to improve the efficiency and transparency of the government’s document management process.

The e-Despatch portal is a crucial application for Govt. Of Odisha through which the official documents are exchanged securely in between different departmental users. This makes it mandatory to have proper security implementations throughout the application as it stores, process and fetch highly confidential state govt Data.

Dealing with any Govt. Assets for security audit is always challenging. The challenge for us to perform a penetration testing against the portal following the Cert-in Security Checklist along with other security frameworks like OWASP top 10 and SANS 25. The security testing is focused with securing the integrity and confidentiality of the data. Additionally , as the portal deals with different number of privileges , we have to check thoroughly for the permission based access controls.

At first we have gone through the workflow of that application to understand it better before doing any security testing there. Each and every test was done under a host hosted on the staging server. We have started the audit With a team of 4 experienced penetration testeres, we divide each one to separate modules for completing the project before the deadline. As per procedures we initiated an automation scan( using paid enterprise tools) against the target and found several low hanging bugs. During the time of manual testing , our team first engaged themselves with black box testing and found that the application is vulnerable for disclosing sensitive information to the public users and few of the departmental user’s accounts can be taken over. After completing the white-box testing, our team came to an end with a total of 17 bugs including low to critical vulnerabilities.

The team now has all the required evidences , root causes and preventions for the bugs we have found. We made a detailed security report v1.0 and coordinated continuously with the team of developers for fixing out all the raised security issues. After few days we confirmed the raised issues to be addressed by the dev team and provided them the final 2.0 version.

Threatsys have completed the security audit on time and was happy to issue the Cert-In Ready to host certificate for that portal. The portal e-Despatch Odisha was being hosted into the state data centre. Now the portal is secure enough from the external threats and the highly sensitive data are processed , stored and fetched flawlessly.

Student Academic Management System (SAMS) is an integrated portal which provides a common platform for admission into various courses across the State through e-Admission and also several e-Services to students at institution level through e-Administration.

This initiative was started in 60 Junior Colleges during academic session 2009-10 and expanded to 169 junior college and 53 degree(+3) Colleges during the session 2010-11. After successful implementation of online admission during the session 2010-11 and 2011-12 under the project SAMS it has been decided to cover all junior colleges(including +2 self financed college) and 162 degree colleges (+3) during session 2011-12. After getting good feedback from college and students All junior & Degree/Autonomous students have come to SAMS Fold and it has been approved by Government of Odisha students take online admission into Junior / Higher Secondary School and degree(+3) classes of Arts, Commerce and Science streams along with Vocational & Sanskrit Educational institutions. This admission process, carried out through internet and computers is called as e-Admission. At present, SAMS covers additional courses in addition to the above i.e. it covers Correspondence, ITI, Diploma, Teacher Education, Physical Education of different departments. Besides e-Admission, SAMS also maintains the academic and financial records of each student admitted into the different educational institutions.

SAMS Application Project consists of Several modules i.r for Higher Education, School & Mass Education, Skill Dev and Tech Education, Sports and Youth Services, Odia Language, Literature and Culture. Right now the Application consists of 4,392 Colleges, 12,49,895 Online Applications, Admission Strength 9,74,802, Admission Taken 7,36,535. The web Applications of “SAMS Odisha” was containing all the academic informations of old student and current students. The web portal also have different panels for college authorities and boards which includes numerous financial and academic data of students. The Web Application needs full security protection with the Cyber Security Audit.

Our challenge was to test the website for OWASP top 10 vulnerabilities and to fix for all possible threats as per CERT-IN Guidelines within short time period. The Application needs to be free from all the bugs with the CERT in audit certification as it will be hosted in the State Data Center. The Web Application need to be continuously monitored and will be free from security flaws. With the Ready to Host Certificate from CERT-IN Empanelled Company, The Possible Cyber Security Audit can be initiated. Threatsys ‘s challenge is to complete SAMS applications of Degree, Post Graduation, Teacher Education & BHED, Higher Secondary School. Teacheer Education and SCERT, Corresponsence CHSE, ITI, Dipmoa, Post Diploma in industrial Safety, Physical Education, Utkal Sangeet Mahavidyalaya within 30 Days.

Threatsys Appointed 6 Cyber Security Resources under the Guidance of our Lead Security Engineer. The Threatsys Red team is started this project by performing Black Box Testing, White Box Testing along with our Industry Centric Checklist.

Threatsys primarily follows the Open Web Application Security Project (OWASP) guidelines as a bench mark. However, over time we have developed our own Hybrid Methodology that brings together the best of OWASP, OSSTM, WASC and NIST standards as well as to the CERT-IN guidelines. This hybrid methodology involves a set of comprehensive checks which ensures that no vulnerabilities are missed during testing.

The process involves an active analysis of the SAMS applications for any weaknesses, technical flaws, or vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.

Our methodology is designed to be exhaustive in two dimensions.
Testing for all known attacks & Testing on all possible points of entry.

After Testing The SAMS Web Application from the production url, We have found Several bugs which are further categorised into Critical, High, Medium & Low as per their severity. Our Threatsys team is always focused to make developer friendly reports which can be easily understandable with clear given proof of concepts. We make videos POC with the proper evidances as the security flaws can be easily understood and fixed.

We have provided Each Severity type with a certain time period under which that issue should be fixed. During That period Our team was frequently supporting the developers in order to fix those issues quickly. After the fix was completed our team re-audited the application again to check whether the fixes are done perfectly or not.

Our Team has issued the Re-Audited Reports and coordinated with our CERT-IN Associates for the Verification of the Reports. along with the reports and fixings were verified and we have successfully provided Ready to Host CERT-IN Certificate within the timeline.

All the modules of SAMS Odisha are hosted in the state data centre, ensuring the highest level of security and reliability. The successful completion of the project means that Students of Odisha can use Degree, Post Graduation, Teacher Education and BHED, Higher Secondary School, Teacher Education, ITI, Diploma, Post Diploma in Industrial Safety, Physical Education, USM applications securely. These applications are now well-protected against external threats, and the highly sensitive data they process, store, and fetch are done so flawlessly. Threatsys is the No.1 Cyber Security Testing Company that protects the data of all the citizens of Odisha and responsible for their security, integrity and privacy.

“Threatsys’s team went deep down into the rabbit hole to understand the product and find several bugs with a business logic rule that took engineering several weeks to analyze within the code.” concluded Saroj Swain, IT Manager, CSM Technologies Pvt. Ltd..