Open Source Platform Development

As part of Application Security Assurance

About the client

The client is a non-profit organization developing an open source identity platform that helps user organizations such as governments implement a digital, foundational ID in a cost-effective way, while embracing the best practices of scalability, security and privacy and harnessing the power of open source.

The Problem

  • The World Bank is promoting a Citizen Identity System to the citizens of underdeveloped and developing countries.
  • The platform had to be modular in architecture and at the same time robust, secure and scalable, so that countries with large populations could adopt it as a cost-effective platform.
  • The application had to be developed using open source technologies.
  • The platform is to follow open standards, frameworks and full code disclosure to avoid vendor lock-in.

The Solution

  • We designed the high-level architecture of the core platform, along with data flow and data security.
  • We used open source technologies such as Java, Spring Boot, Postgres, MinIO and Kubernetes.
  • We integrated HSMs (AWS CloudHSM, nCipher and SafeNet) for key management, using the PKCS#11 and JCE standards.

Value delivered

Built with open APIs to enable interoperability and promote a culture of entrepreneurship and innovation

Standard, world-class tech platform available for free, can be leveraged to keep cost of systems low

A reliable open source platform for identity system designed for easy integration

Extensibility with country-specific features using a microservices/API approach

Industry

Non-Profit Organization

Team Size

08

Instruments

Java, Spring Boot, Kubernetes

Skilled SME for Mobile Application Security Assessment

As part of Agile Workforce

About the client

Our client is one of the largest multinational professional services organizations.

The Problem

  • The client needed to onboard 10 resources skilled in mobile application security assessment for one of their key engagements
  • The client's internal L&D function could not meet the requirement, as the need was niche, specific and time-sensitive
  • Resources needed experience not only in mobile security testing but also in the DevOps lifecycle and the integration of security check gates at each stage

The Solution

  • Our domain experts formulated a roadmap to source, enable and infuse 10 skilled resources in a span of 3 months
  • The resource pool had a mix of freshers, juniors and senior analysts
  • The training program was customized to suit the exact need of the client and executed in a span of 3 months

Value delivered

Cyberpwn’s focused, preemptive and round the clock hiring of domain SMEs across skill levels helped the client build a skilled team on time

Our customized and modular training program enabled the resources to be aligned with the project needs

Our internal self-learning platforms made the customized training cost and time effective

Program management team ensured seamless execution of the program

Industry

IT/ITES

Team Size

10

Instruments

Hiring Processes
Expert Trainers
Training Content

RSA Archer eGRC Implementation

As part of Cyber Transformation

About the client

A financial services major in the UAE region. The objective of enabling the RSA Archer eGRC platform was to transform the existing IT Risk Management function.

The Problem

  • Disjointed IT Risk Management processes, running in silos and on multiple legacy platforms, emails and Excel sheets
  • Lack of automation resulting in friction and inefficiency
  • Lack of visibility in terms of organization wide risk posture
  • Ineffective risk remediation and exception for technical vulnerabilities

The Solution

  • We collaborated with RSA to deliver a best-in-class IT Risk Management solution on the RSA Archer platform to transform the IT Risk Management function.
  • Enabled Risk Management, Vulnerability Management and Issues Management solutions
  • Rapid deployment of solutions and stakeholder onboarding

Value delivered

Automation of Vulnerability Management program

Centralised issues management

Unified platform to manage IT risk landscape

Executive dashboards and reports for risk aware decision making

Industry

BFSI

Team Size

04

Instruments

RSA Archer

Application Penetration Test

As part of Application Security Assurance

About the client

Our client is a French multinational investment bank and financial services company.

The Problem

  • The bank used to have different invoice formats for its customers
  • The core application had file uploading functionality
  • The challenge was to identify any malicious file or content upload

The Solution

  • Our security team performed security testing on the web application
  • Vulnerabilities such as privilege escalation via Insecure Direct Object Reference (IDOR) were possible, and any user of the application was allowed to perform financial transactions.
  • We provided recommendations to mitigate the vulnerabilities.

Value delivered

Executive Dashboard Reports on Critical issues

Effective collaboration between the Business & Delivery Team

Reduced Risks associated with the Application by providing On-time Remediation

Consultative Advisory on Policy Compliance & Process improvement.

Industry

BFSI

Team Size

08

Instruments

Burp Suite
