About the Client
Our Client is Odisha State Pollution Control Board
The Challenge
Web Application Penetration Testing
Odisha State Pollution Control Board uses a software - web-based application. This measures the emitting level of pollution from the factories. Govt cancels the license of the factories with a high level of emission by the industrial norms. The real-time data reach the server by the devices that are installed in the industry and Govt can check the data from the software. Our information security professional (Penetration Tester ISO 27001) was asked to undergo a thorough manual and tool-based vulnerability assessment of the application.
The Solution
The Indian Cyber Security Solutions was ready to perform web-based penetration testing of the software. Non-Disclosure-Agreement (NDA) was processed between both the parties. As per the work agreement, Indian Cyber Security Solutions was ready to take the challenge and complete the work within 14 working days.
The project was done in the following steps:
1)The Entire website was scanned to test the vulnerability along with the Manual testing in the first phase. It was performed within 3 days.
2)During the VAPT some critical level of vulnerabilities were identified such as ‘SQL injection’, ‘cross-site scripting’ etc. by using various penetration testing tools.
3)The Developers of the company were informed to patch that vulnerability.
4)Retesting has been done for the software and further, no vulnerability was found.Indian Cyber Security Solutions technical team was ready with the final report along with the security certificate which they handed over the client within the deadline.
Stage 1: NDA documents signed
The scope of work was defined by the client (Qual5 India Pvt Ltd). The layout of the web application was share with Indian Cyber Security Solutions. NDA documents (Non-Disclosure-Agreement) signed between both parties.
Stage 2: Risk Management & Mitigation
The 2nd Stage of risk management and mitigation has started, evaluating the key assets involved in web applications such as firewalls, IDS, IPS, routers, and others. High-Level Vulnerability was found by Indian Cyber Security Solutions team.
Stage 3: Rectification as per suggestion
The 3rd stage which is the most important stage of the project as the client was suggested the rectification from Indian Cyber Security Solutions and the client had to patch up vulnerabilities as per the suggestion. The Qual5 India Pvt Ltd web Developers were able to find out solutions as per the suggestion mentioned by the Indian Cyber Security Solutions team.
Stage 4: Final Assessment and VAPT project submission
At the end of the 12th working day, Qual5 India Pvt Ltd Web Developers had already patched the high level vulnerabilities found by the Indian Cyber Security Solutions team. The final stage of vulnerabilities assessment had begun as the Indian Cyber Security Solutions team members had started retesting the web application as mentioned in the scope of work to find out all the medium level vulnerabilities which were found previously and were patched and no high or medium-level vulnerabilities prevail. Indian Cyber Security Solutions team was able to generate the VAPT report and handed over the document to the client along with the certificate. Indian Cyber Security Solutions team had again achieved and completed the assigned task within the stipulated time. Indian Cyber Security Solutions team had again shown high-quality professionalism by meeting up the deadlines and living up to customer's expectations.
The Deliverable
The customized reports were provided to the Client as per their requirements the details are mentioned below:
The Benefits
The benefits are discussed below by conducting thorough security tests and identifying the vulnerabilities:
Testimonial
"We are Very much satisfied with the service provided by the Indian Cyber Security Solutions team. They are a very dedicated team. We had a great experience with them. Meeting up the deadline is a rare talent that they have successfully achieved. We are looking forward to working more in the future with them "
- Sabyasachi Satpathy