The Krushak Portal Application for Livelihood and Income Augmentation initiative was launched in India on 21 December, 2018 by Department of Agriculture & Farmers’ Empowerment, Government of Odisha . This initiative is launched by Mr. Naveen Patnaik, the chief minister of Odisha for the people of odisha those who live in Odisha permanently.

The Krushak Application program’s main goal is to provide positive outcomes for farmers who are drowning in debt. The only people who qualify for benefits under this scheme are cultivators, farmers, croppers, and landless agricultural workers. Users can only utilise the services of the portal if they have registered. However, users must visit the official website and adhere to its instructions in order to achieve this. In accordance with this programme, agricultural workers without access to land will each get ₹10,000 which may be easily deposited into the account you have set aside for that purpose. Therefore, the scheme will offer two key benefits: financial aid and other debt transfers that are sent straight into their accounts. Total Beneficiares of Kalia Yojona or Krushak Portal is 76,80,611 and still counting.

Overall, Krushak Odisha is a crucial initiative of the Government of Odisha that aims to empower farmers and promote sustainable agriculture in the state.

Threatsys, The Leading Infosec Company of India, is assigned on cybersecurity testing and CERT-IN cybersecurity audit projects for Krushak Odisha and Kalia Yojana of the government web applications is complex and challenging process due to various factors.

The web portal of “Krushak Odisha” enrolled farmers include classified informations of the farmers, personal data, adhar card details, financial records, and other sensitive data. It is important to ensure that all data is securely stored and transmitted, which can add to the complexity of the project.  The Web Application needs full security protection with the Cyber Security Audit that can ensure the privacy, inegrity and security of all the farmers in the state.

For Threatsys every challanges are unique, and we know how to tackle it. For Krushak Odisha we have very limited tight timeframes. This is challenging, especially as the application is complex with large user base. Moreover, the time required for fixing the identified security vulnerabilities is often limited, making it difficult to ensure that all issues are addressed.

But Any challenges require careful planning, effective communication, and a thorough understanding of the application’s security requirements. Overcoming these challenges can be challenging but is crucial for Threatsys to ensuring that Krushak Odisha web application is remain secured and protected from cyber threats.

Threatsys Technologies, under the guidance of CEO Deepak Kumar Nath, introduced proper roadmap to finish the Whole Project within only 20 Days of timeline. Project Manager assigned three cyber security resources to work on this cyber security project that involved performing black box testing, white box testing, and an industry-centric checklist on a web application from the production URL of Krushak Odisha.

After testing, the Threatsys Red team identified several bugs in the application, categorized into critical, high, medium, and low based on their severity. Threatsys team preapred the Initial Version 1 Report, focused on providing developer-friendly reports with clear proof of concepts, including videos of POC with proper evidence to help developers easily understand and fix the security flaws. Threatsys Team indenfied more than 30+ Vulnerabilities where as more than 60% Bugs are critical and high severity based.

During the cyber security testing of a web application, a team can use various cybersecurity tools to identify and mitigate potential security vulnerabilities. By using a combination of Automation Testing and Manual Testing, Threatsys team was effectively identify and mitigate potential security vulnerabilities in a web application.

Threatsys provided each severity type with a specific time period under which the issue should be fixed. During this period, the company’s team frequently supported developers in fixing the identified issues quickly. After the fixes were completed, the team re-audited the application to ensure that the issues were fixed perfectly. Team delivered the Final Retest Version 2 Report after the remediation of all the vulnerabilities.

Overall, Threatsys Technologies introduced effective CERT-IN solutions for cyber security testing services in bhubaneswar, including providing clear reports with POC videos and supporting developers in fixing identified issues quickly.
This helped ensure that the web application was secure and protected from potential cyber threats.

Threatsys issued the CERT-IN Safe to Host Certificate, The Krushak Odisha is hosted into State Data center successfully. as it belongs to the farmers under Government of Odisha, so it is securely managed to authenticate with the Farmers across odisha for their registration process, flawless management of all the framing details. We are Happy that Threatsys is the Cyber Security Partner of Government of Odisha for protecting the sensitive information of one crore plus farmers of odisha.

Union Bank of Nigeria (UBN) is one of the oldest and largest commercial banks in Nigeria. The bank was founded in 1917 and has since grown to become a major player in the Nigerian banking industry. UBN provides a wide range of banking and financial services, including corporate banking, retail banking, and investment banking. The bank has a strong presence in Nigeria, with over 300 branches and ATMs nationwide. Union Bank also operates in other African countries like Ghana, Sierra Leone, The Gambia and Liberia. The bank has also built a notable reputation for its Corporate Social Responsibility initiatives and its support of the Nigerian economy.

Union Bank of Nigeria is a large banking organisation having complex functionalities with a diverse range of systems and networks. As it has a large user base processes , stores and uses user’s financial data, it should be safe from all kind of threats. Union Bank of Nigeria is subject to various laws and regulations that govern the banking sector. While testing we need to keep in mind about the laws as well. Except that the error percentage during the test should be zero, our major focus towards the unauthorised data leaks and financial losses that can harm the organisation

As this is a sensitive project dealing finance and banking services, we have followed our own security checklist specially designed for banking sectors along with other popular security frameworks like OWASP , SANS25, PCI DSS security Guidlines . At first we have gone through the workflow of that application to understand it better before doing any security testing there. Each and every test was done under a host hosted on the staging server. We have started the audit With a team of highly experienced penetration testers, we divide each memebr with separate modules for completing the project before the deadline. As per procedures we initiated an automation scan( using paid enterprise tools) against the target and found several low hanging bugs. During the time of manual testing , our team first engaged themselves with black box testing and found several bugs , but worth mentioning here, the application is vulnerable for dBlind Xss During one signup which was executing directly on the banking administrator portal , this leads to the total account takeover of the admin portal. Then during white box test, we found one malicious user can have access to all other user’s personal financial Information. In total we found several bugs from the portal.

The team now has all the required evidences , root causes and preventions for the bugs we have found. We made a detailed security report v1.0 and coordinated continuously with the team of developers for fixing out all the raised security issues. After few days we confirmed the raised issues to be addressed by the dev team and provided them the final 2.0 version.

Threatsys have completed the security testing on time successfully and the application code was updated with the fixed code in the live server . Now the portal is running securely and providing financial services to thousands of users flawlessly.

That means Threatsys is protecting the banking users of Nigeria and making the whole UBN secure enough.

The Chief Minister Dashboard, Government of Odisha is a flagship technology initiative of the Government of Odisha to achieve the 5T goal. The chief minister’s office directed that all departments create data dashboards in order to deliver data-driven governance. This project makes use of cutting-edge AI, machine learning, and data science technology to monitor schemes, ensure transparency, and make data-driven decisions.

The web portal of “CM Dashboard, Government of Odisha” satisfies the demand for real-time monitoring to find out all security loop holes and protects sensitive information’s of government. There was a several  user access for different rules and we need to test with the standard of OWASP, SAMS, SANS, OSSTMM, CERT-IN guidelines.

The challenges was to complete the whole cyber security audit with in 15 day’s of time with supporting the developers a all the bug’s can be fixed.

Threatsys Technologies assigned 2 Cyber Security Resources under the Guidance of our CEO, Deepak Kumar Nath. The Threatsys Red team is started this project by performing Black Box Testing, White Box Testing along with our Industry Centric Checklist.

After testing the Web Application from the production URL, we discovered many problems that have been classified as Critical, High, Medium, and Low based on their severity. Our team is always striving to provide developer-friendly reports that are readily readable and include clear proof of ideas.

 We create proof-of-concept video with adequate evidence so that security problems may be simply understood and corrected. We have assigned a time frame to each Severity category in which the issue must be resolved. During that time, our staff was often assisting the developers in resolving such difficulties as rapidly as possible. After the patch was performed, our team re-audited the application to ensure that the fixes were done correctly.

Threatsys issued the CERT-IN Safe to Host Certificate, and the CM Dashboard, Government of Odisha is successfully hosted in the State Data Center. Because it belongs to the government of Odisha, it is safely managed to authenticate with all of Odisha’s departments for their monitoring process, perfect management and procedure, and secure information storage for everyone.

The UT dashboard is a groundbreaking endeavor by the Government of Jammu and Kashmir to use Big Data and Analytics to drive crucial administrative decisions. This technology-first strategy is driven by the government's determination to seamlessly integrate transparency and governance by facilitating the rapid flow of information from the grassroots to the upper rungs of the UT machinery.

The "UT Dashboard" web platform serves the requirement for real-time monitoring. The UT
Dashboard was established to collect detailed data on ground-level effect, which supports the state administration's two important goals of openness and accountability. The examination of the ground-level impact assists in keeping track of how various administrative departments are operating. The dashboard promotes the flow of information from the lowest to the top of the state administrative hierarchy.

Our task was to test the website for the top ten OWASP vulnerabilities and to assist the developers in addressing any potential risks in accordance with CERT-IN and Threatsys Web Apps Penetration Testing Guidelines. The application must handle sensitive data and may be required to consider data privacy and security considerations.

Threatsys Technologies assigned 2 Cyber Security Resources under the Guidance of our CEO, Deepak Kumar Nath. The Threatsys Red team is started this project by performing Black Box Testing, White Box Testing along with our Industry Centric Checklist.

After testing the Web Application from the production URL, we discovered many problems that have been classified as Critical, High, Medium, and Low based on their severity. Our team is always striving to provide developer-friendly reports that are readily readable and include clear proof of ideas. We create proof-of-concept video with adequate evidence so that security problems may be simply understood and corrected. We have assigned a time frame to each Severity category in
which the issue must be resolved. During that time, our staff was often assisting the developers in resolving such difficulties as rapidly as possible. After the patch was performed, our team reaudited the application to ensure that the fixes were done correctly.

Threatsys issued the CERT-IN Safe to Host Certificate, and the UT Dashboard is successfully hosted in the State Data Center. Because it belongs to the government of Jammu and Kashmir, it is safely managed to authenticate with all of Jammu and Kashmir's departments for their monitoring process, perfect management and procedure, and secure information storage for everyone.

e-Despatch is an online system for tracking and managing the movement of official documents in the Indian state of Odisha. It is designed to streamline the process of sending and receiving official documents between different departments and agencies within the state government. The system allows users to track the status of their documents in real-time, and provides features such as document scanning, digitization, and electronic signature. It aims to improve the efficiency and transparency of the government’s document management process.

The e-Despatch portal is a crucial application for Govt. Of Odisha through which the official documents are exchanged securely in between different departmental users. This makes it mandatory to have proper security implementations throughout the application as it stores, process and fetch highly confidential state govt Data.

Dealing with any Govt. Assets for security audit is always challenging. The challenge for us to perform a penetration testing against the portal following the Cert-in Security Checklist along with other security frameworks like OWASP top 10 and SANS 25. The security testing is focused with securing the integrity and confidentiality of the data. Additionally , as the portal deals with different number of privileges , we have to check thoroughly for the permission based access controls.

At first we have gone through the workflow of that application to understand it better before doing any security testing there. Each and every test was done under a host hosted on the staging server. We have started the audit With a team of 4 experienced penetration testeres, we divide each one to separate modules for completing the project before the deadline. As per procedures we initiated an automation scan( using paid enterprise tools) against the target and found several low hanging bugs. During the time of manual testing , our team first engaged themselves with black box testing and found that the application is vulnerable for disclosing sensitive information to the public users and few of the departmental user’s accounts can be taken over. After completing the white-box testing, our team came to an end with a total of 17 bugs including low to critical vulnerabilities.

The team now has all the required evidences , root causes and preventions for the bugs we have found. We made a detailed security report v1.0 and coordinated continuously with the team of developers for fixing out all the raised security issues. After few days we confirmed the raised issues to be addressed by the dev team and provided them the final 2.0 version.

Threatsys have completed the security audit on time and was happy to issue the Cert-In Ready to host certificate for that portal. The portal e-Despatch Odisha was being hosted into the state data centre. Now the portal is secure enough from the external threats and the highly sensitive data are processed , stored and fetched flawlessly.