Table Space Odisha CERT-IN Cyber Security Audit

Founded in 2017, Table Space Technologies Private Limited is a trailblazer in the premium managed workspace industry, offering intelligent, end-to-end office solutions to global enterprises.

Operating on a flexible Workspace-as-a-Service (WaaS) model, the company delivers end-to-end office space management — from ready-to-move-in setups to fully customized corporate environments. Serving several Fortune 50 and Fortune 500 clients, Table Space blends intelligent design with cutting-edge technology to transform commercial real estate into agile, scalable, and enterprise-ready workspaces. At the core of their operations lies a proprietary digital platform that powers seamless workspace booking, internal financial transactions, service delivery, asset monitoring, and facility lifecycle management. This digital ecosystem enables real-time visibility across projects and facilities, optimizing utilization while maintaining transparency. To ensure the security of sensitive business transactions and personal data, Table Space partnered with Threatsys, India’s premier cybersecurity audit firm. The engagement included a full-scale Vulnerability Assessment and Penetration Testing (VAPT) of three critical web applications—Transaction Management, App Platform, and Delivery Platform—along with both Android and iOS mobile applications. Additionally, a GDPR compliance audit was carried out to align the platform with international data protection standards and regulatory obligations.

SAMS Application Project consists of Several modules i.r for Higher Education, School & Mass Education, Skill Dev and Tech Education, Sports and Youth Services, Odia Language, Literature and Culture. Right now the Application consists of 4,392 Colleges, 12,49,895 Online Applications, Admission Strength 9,74,802, Admission Taken 7,36,535. The web Applications of “SAMS Odisha” was containing all the academic informations of old student and current students. The web portal also have different panels for college authorities and boards which includes numerous financial and academic data of students. The Web Application needs full security protection with the Cyber Security Audit.

Our challenge was to test the website for OWASP top 10 vulnerabilities and to fix for all possible threats as per CERT-IN Guidelines within short time period. The Application needs to be free from all the bugs with the CERT in audit certification as it will be hosted in the State Data Center. The Web Application need to be continuously monitored and will be free from security flaws. With the Ready to Host Certificate from CERT-IN Empanelled Company, The Possible Cyber Security Audit can be initiated. Threatsys ‘s challenge is to complete SAMS applications of Degree, Post Graduation, Teacher Education & BHED, Higher Secondary School. Teacheer Education and SCERT, Corresponsence CHSE, ITI, Dipmoa, Post Diploma in industrial Safety, Physical Education, Utkal Sangeet Mahavidyalaya within 30 Days.

Threatsys Appointed 6 Cyber Security Resources under the Guidance of our Lead Security Engineer. The Threatsys Red team is started this project by performing Black Box Testing, White Box Testing along with our Industry Centric Checklist.

Threatsys primarily follows the Open Web Application Security Project (OWASP) guidelines as a bench mark. However, over time we have developed our own Hybrid Methodology that brings together the best of OWASP, OSSTM, WASC and NIST standards as well as to the CERT-IN guidelines. This hybrid methodology involves a set of comprehensive checks which ensures that no vulnerabilities are missed during testing.

The process involves an active analysis of the SAMS applications for any weaknesses, technical flaws, or vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.

Our methodology is designed to be exhaustive in two dimensions.
Testing for all known attacks & Testing on all possible points of entry.

After Testing The SAMS Web Application from the production url, We have found Several bugs which are further categorised into Critical, High, Medium & Low as per their severity. Our Threatsys team is always focused to make developer friendly reports which can be easily understandable with clear given proof of concepts. We make videos POC with the proper evidances as the security flaws can be easily understood and fixed.

We have provided Each Severity type with a certain time period under which that issue should be fixed. During That period Our team was frequently supporting the developers in order to fix those issues quickly. After the fix was completed our team re-audited the application again to check whether the fixes are done perfectly or not.

Our Team has issued the Re-Audited Reports and coordinated with our CERT-IN Associates for the Verification of the Reports. along with the reports and fixings were verified and we have successfully provided Ready to Host CERT-IN Certificate within the timeline.

All the modules of SAMS Odisha are hosted in the state data centre, ensuring the highest level of security and reliability. The successful completion of the project means that Students of Odisha can use Degree, Post Graduation, Teacher Education and BHED, Higher Secondary School, Teacher Education, ITI, Diploma, Post Diploma in Industrial Safety, Physical Education, USM applications securely. These applications are now well-protected against external threats, and the highly sensitive data they process, store, and fetch are done so flawlessly. Threatsys is the No.1 Cyber Security Testing Company that protects the data of all the citizens of Odisha and responsible for their security, integrity and privacy.

“Threatsys’s team went deep down into the rabbit hole to understand the product and find several bugs with a business logic rule that took engineering several weeks to analyze within the code.” concluded Saroj Swain, IT Manager, CSM Technologies Pvt. Ltd..