Discover how Antsomi stays one step ahead to protect its applications from cyber threats with CyStack’s reliable assistance.
Our client
Antsomi is a marketing technology start-up that specializes in providing artificial intelligence solutions. With the mission of helping businesses transform digitally, Antsomi has built the first artificial intelligence integration platform, CDP 365, to help businesses store customer data from many different sources.
However, while evaluating the application before release, Antsomi ran into several problems. The complexity of the application, its constant rate of updates, and the absence of an internal security team led Antsomi to proactively seek a third-party security provider. After a period of research, Antsomi chose CyStack as its security partner to provide consulting and implement security enhancements for the CDP 365 customer data platform.
The CDP 365 application is built mainly on Node.js, with PHP and Java components, and the engagement covered 10 assets: 8 websites and 2 APIs. For performance and security, the application sits behind Cloudflare's CDN and WAF. The infrastructure runs on Amazon Web Services (AWS), which streamlines data processing and provides a flexible, scalable environment for managing diverse data from many sources.
Solution
The solution chosen is Vulnerability Management.
Implementation time: 2 years (January 2022 - January 2024).
Our workflow includes:
- Assess security vulnerabilities: Deploy automatic scanning through the CyStack Web Security (CWS) tool developed by the CyStack team, helping to automatically check and scan subdomains and IP addresses in the internal network; detect vulnerabilities using fuzzing techniques with CyStack's security vulnerability database.
- Penetration testing: A simulated cyber attack on a system, computer network, or web application to detect security vulnerabilities that could be exploited. Penetration testing is performed by security experts using a variety of tools and techniques to evaluate the security of the target environment and find the weak points an attacker could use.
- Deploy a bug bounty program: On our WhiteHub security platform, leverage the power of the community to improve vulnerability detection. A bug bounty program is a form of community security that rewards individuals or groups, also known as white hat hackers, who discover and report security vulnerabilities in software or enterprise systems. Businesses offer reward tiers, which can be money, souvenirs, or registration forms, motivating white hat hackers to search for and report the vulnerabilities they find.
- Set up continuous monitoring: To detect security incidents early, help limit risks, and maintain system safety.
The customer requested that scanning be performed through a proxy so that the network traffic and IP addresses involved in vulnerability scanning could be managed effectively. Although we could comply with this request, routing scans through proxies significantly reduces the efficiency of the process.
Result
Through the bug bounty program, we recorded 37 reward reports. The total reward value is 146,200,000 VND, with the highest reward being 5,000,000 VND.
The total number of vulnerabilities discovered: 31 critical, 14 high, 14 medium, and 3 low.
Vulnerabilities fixed, by class:
- SQL Injection: 22 vulnerabilities.
- Broken access control (users with lower privileges able to perform functions intended for higher privileges): 17 vulnerabilities.
- Insecure Direct Object References (IDOR): 8 vulnerabilities.
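The two access-control classes listed above are easiest to understand side by side. The following Node.js snippet is an added illustration, not Antsomi's or CyStack's code: it shows a minimal request handler with an IDOR (a record id taken from the URL and never checked against the caller) and a privilege check that trusts a role supplied in the request body, followed by the hardened form. The handler shape, the session object, the role names and the in-memory stores are constructed assumptions.

```javascript
// Added example (not the project's code). Demonstrates an IDOR and a
// client-trusted privilege check, and how a hardened handler avoids both.

// Constructed stand-in for the application's data store.
const RECORDS = new Map([
  [101, { id: 101, ownerId: 1, body: "segment A" }],
  [102, { id: 102, ownerId: 2, body: "segment B" }],
]);
// Constructed server-side user store: the only trustworthy source of a role.
const USERS = new Map([
  [1, { id: 1, role: "analyst" }],
  [2, { id: 2, role: "analyst" }],
  [9, { id: 9, role: "admin" }],
]);

// BEFORE (vulnerable): any authenticated user can read any record by changing
// the id in the URL, and the privileged "export" action is gated on a role
// field that the client sends in the request body.
function handleVulnerable(session, req) {
  const rec = RECORDS.get(Number(req.params.id));
  if (!rec) return { status: 404 };
  if (req.params.action === "export") {
    if (req.body.role !== "admin") return { status: 403 }; // client-controlled
    return { status: 200, body: `export:${rec.body}` };
  }
  return { status: 200, body: rec.body }; // no ownership check (IDOR)
}

// AFTER (hardened): identity and role come only from the server-side session
// and user store; object-level access requires ownership or the admin role;
// a record the caller may not see is answered exactly like a missing one, so
// the response does not confirm that the id exists.
function handleHardened(session, req) {
  const user = USERS.get(session.userId);
  if (!user) return { status: 401 };
  const id = Number(req.params.id);
  if (!Number.isInteger(id)) return { status: 400 };
  const rec = RECORDS.get(id);
  const isAdmin = user.role === "admin";
  if (!rec || (rec.ownerId !== user.id && !isAdmin)) return { status: 404 };
  if (req.params.action === "export") {
    if (!isAdmin) return { status: 403 }; // role from the server, never the body
    return { status: 200, body: `export:${rec.body}` };
  }
  return { status: 200, body: rec.body };
}

// Constructed requests: user 1 tries to read user 2's record, and tries to
// export their own record while claiming the admin role in the body.
const sessionUser1 = { userId: 1 };
const idorAttempt = { params: { id: "102", action: "read" }, body: {} };
const roleAttempt = { params: { id: "101", action: "export" }, body: { role: "admin" } };

console.log("IDOR  vulnerable/hardened:",
  handleVulnerable(sessionUser1, idorAttempt).status,
  handleHardened(sessionUser1, idorAttempt).status);
console.log("role  vulnerable/hardened:",
  handleVulnerable(sessionUser1, roleAttempt).status,
  handleHardened(sessionUser1, roleAttempt).status);
```

Re-testing a fix of this kind means more than confirming the original request now fails: the retest should also try the same object through every other route that loads it and try the privileged action with the role claim moved to headers, query parameters or the body, which is the "find all measures to bypass it" step described under the Security Engineering Team's responsibilities below.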
Financially, Antsomi has optimized costs to the maximum level without having to hire internal personnel. This not only provides flexible costs but also helps businesses manage cash flow more effectively through fixed costs.
At the same time, Antsomi's work efficiency has been significantly improved. With in-depth knowledge and experience in the field of security, CyStack not only helps Antsomi solve problems effectively but also offers creative solutions and ensures maximum system security.
Customer Service
The success of this project would not be possible without strong support from our Business Development and Security Engineering teams. These two teams have played an important role, collaborating to ensure the stable and safe development of Antsomi.
Business Development Team:
- Work with the internal security team to advise on appropriate solutions to ensure comprehensive security for Antsomi.
- Submit reports on time to notify discovered vulnerabilities.
Security Engineering Team:
- Evaluate the severity of each vulnerability, thereby giving priority to remediation, helping Antsomi optimize the vulnerability remediation process and minimize security risks.
- Consulting on design changes and solutions for system-wide vulnerabilities.
- Re-test each fixed vulnerability thoroughly, attempting every known way to bypass the fix before concluding that the vulnerability has been completely resolved.
About CyStack
CyStack is a cybersecurity company based in Vietnam since 2017. We offer comprehensive solutions, including testing, security consulting, and managed services. With over 200 businesses and 20,000 users around the world, we are recognized as a trusted partner for organizations and a strong leading firm in cybersecurity research and development.
For more information, please visit: https://cystack.net/
Quotes
“Investing in system security is of utmost importance for every business in today’s digital age. We recognized early that this is a critical factor that cannot be taken lightly in our business development.” – Mr. Bach Quang Bao Toan, Co-Founder & CTO of Antsomi CDP 365 & Ants Programmatic.
“Although we have not experienced any security incidents in the past, we prioritize prevention over problem-solving. Security is our top priority to stay one step ahead of hacker attacks.” – Mr. Bach Quang Bao Toan, Co-Founder & CTO of Antsomi CDP 365 & Ants Programmatic.
“In the past, we have tried several other security solutions but did not achieve the expected results. However, CyStack has truly impressed us with the exceptional quality of service and the enthusiastic support provided by its team of professionals.” – Mr. Bach Quang Bao Toan, Co-Founder & CTO of Antsomi CDP 365 & Ants Programmatic.