CERT-in Cyber Security Audit of Krushak Odisha

The Krushak Portal Application for Livelihood and Income Augmentation initiative was launched in India on 21 December, 2018 by Department of Agriculture & Farmers’ Empowerment, Government of Odisha . This initiative is launched by Mr. Naveen Patnaik, the chief minister of Odisha for the people of odisha those who live in Odisha permanently.

The Krushak Application program’s main goal is to provide positive outcomes for farmers who are drowning in debt. The only people who qualify for benefits under this scheme are cultivators, farmers, croppers, and landless agricultural workers. Users can only utilise the services of the portal if they have registered. However, users must visit the official website and adhere to its instructions in order to achieve this. In accordance with this programme, agricultural workers without access to land will each get ₹10,000 which may be easily deposited into the account you have set aside for that purpose. Therefore, the scheme will offer two key benefits: financial aid and other debt transfers that are sent straight into their accounts. Total Beneficiares of Kalia Yojona or Krushak Portal is 76,80,611 and still counting.

Overall, Krushak Odisha is a crucial initiative of the Government of Odisha that aims to empower farmers and promote sustainable agriculture in the state.

Threatsys, The Leading Infosec Company of India, is assigned on cybersecurity testing and CERT-IN cybersecurity audit projects for Krushak Odisha and Kalia Yojana of the government web applications is complex and challenging process due to various factors.

The web portal of “Krushak Odisha” enrolled farmers include classified informations of the farmers, personal data, adhar card details, financial records, and other sensitive data. It is important to ensure that all data is securely stored and transmitted, which can add to the complexity of the project.  The Web Application needs full security protection with the Cyber Security Audit that can ensure the privacy, inegrity and security of all the farmers in the state.

For Threatsys every challanges are unique, and we know how to tackle it. For Krushak Odisha we have very limited tight timeframes. This is challenging, especially as the application is complex with large user base. Moreover, the time required for fixing the identified security vulnerabilities is often limited, making it difficult to ensure that all issues are addressed.

But Any challenges require careful planning, effective communication, and a thorough understanding of the application’s security requirements. Overcoming these challenges can be challenging but is crucial for Threatsys to ensuring that Krushak Odisha web application is remain secured and protected from cyber threats.

Threatsys Technologies, under the guidance of CEO Deepak Kumar Nath, introduced proper roadmap to finish the Whole Project within only 20 Days of timeline. Project Manager assigned three cyber security resources to work on this cyber security project that involved performing black box testing, white box testing, and an industry-centric checklist on a web application from the production URL of Krushak Odisha.

After testing, the Threatsys Red team identified several bugs in the application, categorized into critical, high, medium, and low based on their severity. Threatsys team preapred the Initial Version 1 Report, focused on providing developer-friendly reports with clear proof of concepts, including videos of POC with proper evidence to help developers easily understand and fix the security flaws. Threatsys Team indenfied more than 30+ Vulnerabilities where as more than 60% Bugs are critical and high severity based.

During the cyber security testing of a web application, a team can use various cybersecurity tools to identify and mitigate potential security vulnerabilities. By using a combination of Automation Testing and Manual Testing, Threatsys team was effectively identify and mitigate potential security vulnerabilities in a web application.

Threatsys provided each severity type with a specific time period under which the issue should be fixed. During this period, the company’s team frequently supported developers in fixing the identified issues quickly. After the fixes were completed, the team re-audited the application to ensure that the issues were fixed perfectly. Team delivered the Final Retest Version 2 Report after the remediation of all the vulnerabilities.

Overall, Threatsys Technologies introduced effective CERT-IN solutions for cyber security testing services, including providing clear reports with POC videos and supporting developers in fixing identified issues quickly. This helped ensure that the web application was secure and protected from potential cyber threats.

Threatsys issued the CERT-IN Safe to Host Certificate, The Krushak Odisha is hosted into State Data center successfully. as it belongs to the farmers under Government of Odisha, so it is securely managed to authenticate with the Farmers across odisha for their registration process, flawless management of all the framing details. We are Happy that Threatsys is the Cyber Security Partner of Government of Odisha for protecting the sensitive information of one crore plus farmers of odisha.