Overview

Best Cyber Security Company of Odisha

Student Academic Management System (SAMS) is an integrated portal which provides a common platform for admission into various courses across the State through e-Admission and also several e-Services to students at institution level through e-Administration.

This initiative was started in 60 junior colleges during academic session 2009-10 and expanded to 169 junior colleges and 53 degree (+3) colleges during the session 2010-11. After successful implementation of online admission during the sessions 2010-11 and 2011-12 under the SAMS project, it was decided to cover all junior colleges (including +2 self-financed colleges) and 162 degree (+3) colleges during session 2011-12. After good feedback from colleges and students, all junior and degree/autonomous students have come into the SAMS fold, and it has been approved by the Government of Odisha. Students take online admission into Junior / Higher Secondary School and degree (+3) classes of the Arts, Commerce and Science streams, along with Vocational and Sanskrit educational institutions. This admission process, carried out through the internet and computers, is called e-Admission. At present, SAMS also covers additional courses: Correspondence, ITI, Diploma, Teacher Education and Physical Education of different departments. Besides e-Admission, SAMS also maintains the academic and financial records of each student admitted into the different educational institutions.

Client: SAMS ODISHA
Industry: Department of Higher Education, Government of Odisha
Services: Web Application Security Audit, CERT-IN Cyber Security Audit
Company: Odisha Computer Application Center
Development Company: CSM Technologies Pvt. Ltd.

Challenge

The SAMS application project consists of several modules, i.e. for Higher Education, School & Mass Education, Skill Dev and Tech Education, Sports and Youth Services, and Odia Language, Literature and Culture. Right now the application covers 4,392 colleges, 12,49,895 online applications, an admission strength of 9,74,802 and 7,36,535 admissions taken. The web applications of “SAMS Odisha” contained all the academic information of old and current students. The web portal also has different panels for college authorities and boards, which include numerous financial and academic data of students. The web application needs full security protection through the Cyber Security Audit.

Our challenge was to test the website for OWASP Top 10 vulnerabilities and to fix all possible threats as per CERT-IN guidelines within a short time period. The application needs to be free from all bugs and hold the CERT-IN audit certification, as it will be hosted in the State Data Center. The web application needs to be continuously monitored and to be free from security flaws. With the Ready to Host Certificate from a CERT-IN empanelled company, the possible Cyber Security Audit can be initiated. Threatsys's challenge is to complete the SAMS applications of Degree, Post Graduation, Teacher Education & BHED, Higher Secondary School, Teacher Education and SCERT, Correspondence CHSE, ITI, Diploma, Post Diploma in Industrial Safety, Physical Education and Utkal Sangeet Mahavidyalaya within 30 days.

Solution

Threatsys appointed 6 cyber security resources under the guidance of our Lead Security Engineer. The Threatsys Red Team started this project by performing Black Box Testing and White Box Testing along with our industry-centric checklist.

Threatsys primarily follows the Open Web Application Security Project (OWASP) guidelines as a benchmark. However, over time we have developed our own Hybrid Methodology that brings together the best of the OWASP, OSSTMM, WASC and NIST standards as well as the CERT-IN guidelines. This hybrid methodology involves a set of comprehensive checks which ensures that no vulnerabilities are missed during testing.

The process involves an active analysis of the SAMS applications for any weaknesses, technical flaws, or vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.

Our methodology is designed to be exhaustive in two dimensions: testing for all known attacks and testing on all possible points of entry.

After testing the SAMS web application from the production URL, we found several bugs, which were further categorised into Critical, High, Medium and Low as per their severity. Our Threatsys team is always focused on making developer-friendly reports which can be easily understood, with clear proofs of concept. We make video POCs with proper evidence so that the security flaws can be easily understood and fixed.

We gave each severity type a certain time period within which the issue should be fixed. During that period our team frequently supported the developers in order to fix those issues quickly. After the fixes were completed, our team re-audited the application to check whether the fixes were done perfectly or not.

Our team issued the re-audited reports and coordinated with our CERT-IN associates for the verification of the reports. The reports and the fixes were verified, and we successfully provided the Ready to Host CERT-IN Certificate within the timeline.

Results

All the modules of SAMS Odisha are hosted in the state data centre, ensuring the highest level of security and reliability. The successful completion of the project means that students of Odisha can use the Degree, Post Graduation, Teacher Education and BHED, Higher Secondary School, Teacher Education, ITI, Diploma, Post Diploma in Industrial Safety, Physical Education and USM applications securely. These applications are now well protected against external threats, and the highly sensitive data they process, store and fetch is handled flawlessly. Threatsys is the No.1 Cyber Security Testing Company that protects the data of all the citizens of Odisha and is responsible for their security, integrity and privacy.

“Threatsys’s team went deep down into the rabbit hole to understand the product and find several bugs with a business logic rule that took engineering several weeks to analyze within the code,” concluded Saroj Swain, IT Manager, CSM Technologies Pvt. Ltd.