Overview

The UT dashboard is a groundbreaking endeavor by the Government of Jammu and Kashmir to use Big Data and Analytics to drive crucial administrative decisions. This technology-first strategy is driven by the government's determination to seamlessly integrate transparency and governance by facilitating the rapid flow of information from the grassroots to the upper rungs of the UT machinery.

Client:
UT Dashboard
Industry:
Government of Jammu and Kashmir
Services:
CERT-in Web Application Security Audit
Company:
Government of Jammu and Kashmir
Development Company:
CSM Technologies Pvt. Ltd.

Challenge

The "UT Dashboard" web platform serves the requirement for real-time monitoring. The UT
Dashboard was established to collect detailed data on ground-level effect, which supports the state administration's two important goals of openness and accountability. The examination of the ground-level impact assists in keeping track of how various administrative departments are operating. The dashboard promotes the flow of information from the lowest to the top of the state administrative hierarchy.

Our task was to test the website for the top ten OWASP vulnerabilities and to assist the developers in addressing any potential risks in accordance with CERT-IN and Threatsys Web Apps Penetration Testing Guidelines. The application must handle sensitive data and may be required to consider data privacy and security considerations.

Solution

Threatsys Technologies assigned 2 Cyber Security Resources under the Guidance of our CEO, Deepak Kumar Nath. The Threatsys Red team is started this project by performing Black Box Testing, White Box Testing along with our Industry Centric Checklist.

After testing the Web Application from the production URL, we discovered many problems that have been classified as Critical, High, Medium, and Low based on their severity. Our team is always striving to provide developer-friendly reports that are readily readable and include clear proof of ideas. We create proof-of-concept video with adequate evidence so that security problems may be simply understood and corrected. We have assigned a time frame to each Severity category in
which the issue must be resolved. During that time, our staff was often assisting the developers in resolving such difficulties as rapidly as possible. After the patch was performed, our team reaudited the application to ensure that the fixes were done correctly.

Results

Threatsys issued the CERT-IN Safe to Host Certificate, and the UT Dashboard is successfully hosted in the State Data Center. Because it belongs to the government of Jammu and Kashmir, it is safely managed to authenticate with all of Jammu and Kashmir's departments for their monitoring process, perfect management and procedure, and secure information storage for everyone.