Overview

Given the effort and expense incurred by the offline admission process, the Higher Education Department planned an online (web-based) admission process. It was later named the Student Academic Management System (commonly known as SAMS). It covers all Junior colleges, Degree colleges, ITI and Diploma colleges.

Client:
SAMS ODISHA
Industry:
Government of Odisha
Services:
Web Application Security Audit
Company:
Odisha Computer Application Center
Development Company:
CSM Technologies Pvt. Ltd.

Challenge

The “SAMS Odisha” web portal contained all the academic information of old and current students. The portal also has separate panels for college authorities and boards, which include extensive financial and academic data of students. The web application needed full security protection through a cyber security audit.

Our challenge was to test the website for the OWASP Top 10 vulnerabilities and to fix all possible threats as per CERT-IN guidelines. The application needed to be free from all bugs and carry CERT-IN certification, as it was to be hosted in the State Data Center. The web application needed to be continuously monitored and kept free from security flaws. With the Ready to Host Certificate from a CERT-IN empanelled company, the possible cyber security audit can be initiated.

Solution

Threatsys collaborated with CSM Technologies on this project. We appointed 6 cyber security resources under the guidance of our Lead Security Engineer. The red team started the project by performing black box testing and white box testing, along with our industry-centric checklist.

After testing the web application from the production URL, we found several bugs, which were further categorised into Critical, High, Medium and Low as per their severity. Our team always focuses on making developer-friendly reports that are easy to understand, with clear proofs of concept.
We make video POCs with proper evidence so that the security flaws can be easily understood and fixed.

We assigned each severity type a certain time period within which the issue should be fixed. During that period our team frequently supported the developers in order to fix those issues quickly. After the fixes were completed, our team re-audited the application to check whether the fixes had been done perfectly.

Our team issued the re-audit reports and coordinated with our CERT-IN associates for verification of the reports. The reports and fixes were verified, and we successfully provided the Ready to Host CERT-IN Certificate within the timeline.

Results

With the CERT-IN Ready to Host Certificate, SAMS was successfully hosted in the State Data Center. As it belongs to the Education Department under the Government of Odisha, it is securely managed to authenticate students across Odisha for their registration process and to provide flawless admission management for all the educational institutions.

“I found the relationship to be a really positive one. One that was constructive. It certainly felt to me that what I was saying about SAMS’s needs and requirements in this space was being listened to,” concluded Saroj Swain, IT Manager, CSM Technologies Pvt. Ltd.