MO SARKAR, Govt. of Odisha CERT-IN Cyber Security Audit

The objective of the ‘Mo Sarkar’ programme is to provide service with dignity to people who are coming to government offices for different purposes. The phone numbers of people who are coming to government offices will be collected randomly with the purpose to improve the governance system by collecting feedback on behaviour and professionalism of government officers. Mo Sarkar Program is not only the program but also the department under the leadership of honourable CM “Naveen Patnaik”.

Naveen Patnaik told ” I would like to emphasize once again on the 3Ts of governance- Teamwork, Transparency & Technology leading to Transformation. I am going to add a fifth dimension to this – Time.” The Department is governed by Chief Minister of Odisha, administrated by Honourable VK Pandian, PS to CM, Secretary to 5T.

As The web portal of Mo Sarkar was containing huge numbers of Personal information of the Citizens from whom the feedbacks and complaints are collected. Mo sarkar also contains 22 departments of Odisha, It has also departmental data. The Web Application needs full security protection with the Cyber Security Audit.

Our challenge was to test the website for OWASP top 10 vulnerabilities and to fix for all possible threats as per CERT-IN Guidelines. The Application needs to be free from all the bugs with the CERT in certification as it will be hosted in the State Data Center. The Web Application need to be continuously monitored and will be free from security flaws. With the Ready to Host Certificate from CERT-IN Empanelled Company, The Possible Cyber Security Audit can be initiated.

Threatsys is collaborated with CSM Technologies for working on this project. Appointed 4 Cyber Security Resources under the Guidance of our Lead Security Engineer. The Red team is started this project by performing Black Box Testing, White Box Testing along with our Industry Standard Checklist.

After Testing The Web Application from the production url, We have found Several bugs which are further categorised into Critical, High, Medium & Low as per their severity. Our team is always focused to make developer friendly reports which can be easily understandable with clear given proof of concepts.
We make videos POC with the proper evidences as the security flaws can be easily understood and fixed.

We have provided Each Severity type with a certain time period under which that issue should be fixed. During That period Our team was frequently supporting the developers in order to fix those issues quickly. After the fix was completed our team re-audited the application again to check whether the fixes are done perfectly or not.

Our Team has issued the Re-Audited Reports and coordinated with our CERT-IN Associates for the Verification of the Reports. along with the reports and fixings were verified and we have successfully provided Ready to Host CERT-IN Certificate within the timeline.

Along with the CERT-IN Ready to Host Certificate, The MO Sarkar Portal is hosted into State Data Center successfully. as it belongs to the Department under Government of Odisha, so it is securely managed to authenticate with all the officials of Mo Sarkar.