Overview

Krushak Odisha is an authentic database of 49.5 lakh farmers (so far), including small, marginal, and landless cultivators and agricultural laborers. The information held on every farmer in the database, such as residential details, land details, crops cultivated, livestock reared, and fisheries practiced, has been verified by government extension workers. The vision of Krushak Odisha is to create a golden record of farmers in the state, which would become the core of all Government Farmers’ Interaction in the state and enable multiple use cases.

Client: Krushak Odisha
Industry: Government of Odisha
Services: CERT-IN Cyber Security Audit
Company: Department of Agriculture and Farmers’ Empowerment
Development Company: CSM Technologies Pvt. Ltd.

Challenge

The “Krushak Odisha” web portal enrolls farmers, who will receive weekly calls on their mobile phones with advisories on farming practices, crop and livestock management, weather advisories, pest attack prevention, and disease management. It contains all the farmers' data, which needs to be protected. The web application needs full security protection through the Cyber Security Audit.

Our challenge was to test the website for the OWASP Top 10 vulnerabilities and to support the developers so that they could fix all possible threats as per the CERT-IN & Threatsys Web Apps Penetration Testing Guidelines. The application needs to handle sensitive data and must be mindful of data privacy and security concerns.

Solution

Threatsys Technologies assigned 3 Cyber Security Resources under the guidance of our CEO, Deepak Kumar Nath. The Threatsys Red Team started this project by performing Black Box Testing and White Box Testing, along with our Industry Centric Checklist.

 

After testing the web application from the production URL, we found several bugs, which were categorized as Critical, High, Medium, or Low according to their severity. Our team always focuses on producing developer-friendly reports that are easy to understand, with clear proofs of concept.

We make video POCs with proper evidence so that the security flaws can be easily understood and fixed. We assigned each severity type a time period within which the issue should be fixed. During that period, our team frequently supported the developers in order to fix those issues quickly. After the fixes were completed, our team re-audited the application to check whether the fixes had been done properly.

Results

Threatsys issued the CERT-IN Safe to Host Certificate, and Krushak Odisha was successfully hosted in the State Data Center. As it belongs to the farmers under the Government of Odisha, it is securely managed to authenticate farmers across Odisha for their registration process and for flawless management of all their farming details.