Epwise AG: Remarkable Efforts In Mitigating Cyber Risks

CyStack helps Epwise AG manage security vulnerabilities in its systems and networks through our comprehensive vulnerability management platform.

From May 11, 2022 to October 10, 2022, CyStack performed security assessment and vulnerability management for the Wise applications. The system was tested by leading penetration testers at CyStack and a team of community experts on the WhiteHub platform. The purpose of the project was to identify security weaknesses, provide remediation recommendations, and provide continuous feedback, in order to minimize information security risks on the system at all times.

Scientifically manage security vulnerabilities in systems and networks through a comprehensive vulnerability management platform.

Our client

Epwise AG is a Swiss company that provides software solutions to customers across various industries, helping simplify work and improve the customer experience.

Wise is a unique suite of IT services designed by their customers and developed by Wise.swiss, including these applications:

  • Immowise is a real estate management application, specifically for managing rental buildings and the basic activities needed to operate them, such as work, calendars, meetings, personnel, assets, etc. The application is programmed in Ruby for the back-end, and TypeScript and Angular for the front-end.
  • Eventwise supports event management of companies and units, such as creating and managing event information; managing event participants; handling related email flows such as invitations and reminders; paying for event tickets; etc. The application is programmed in PHP and Laravel.
  • Partnerwise helps businesses manage relationships, such as partnership requests, support, and sponsorship. Partnerwise supports creating questionnaire forms to send to partners, scoring/reviewing answers from the form, managing relevant personnel, and assigning personnel to handle each step in the browsing flow, etc. The application is programmed in PHP and Laravel.

Operating in the European region, which is known to have extremely strict security regulations and principles such as the General Data Protection Regulation (GDPR), Wise was required to ensure compliance with security standards. Therefore, Wise needed to look for a third party to help them monitor the security of the company's software and applications.

Wise was soon aware of the importance of security solutions to protect company data from potential threats and minimize the consequences. However, building an in-house security team required a significant investment of time and financial resources. After a search process in the European region, Wise decided to choose CyStack, a security company in Vietnam, to accompany this project.

Solution

Because the software receives many continuous updates, Wise asked for a long-term monitoring and management solution. The solution that fit these requirements was Vulnerability Management.

Test object: Web application

Deployment time:

  • Contract 1: from May 2022 to November 2022
  • Contract 2: from December 2022 to May 2023.

In particular, CyStack started testing Immowise in May 2022, then received Eventwise in August 2022 and Partnerwise in January 2023.

During the initial period of the project, only CyStack's team of experts participated in managing the program. Later, CyStack expanded the scope to crowdsourced security on the WhiteHub platform in semi-private mode. This mode is limited to verified experts who have undergone identity authentication and signed a non-disclosure agreement (NDA) before participating in the program, guaranteeing robust security measures and proactive risk control for Immowise and Eventwise. The program took place in November 2022.

Vulnerability Management includes the following services, reorganized in a more efficient and comprehensive way for businesses.

  • Assess security vulnerabilities: Uses CyStack Web Security (CWS), the vulnerability scanning and monitoring tool developed by CyStack. CWS helps scan subdomains and IP addresses in the internal network, as well as detect vulnerabilities using fuzzing techniques and security vulnerability databases. CWS provides a platform to manage, track, prioritize, and recommend actions for findings. CWS can be integrated with CI/CD tools and other performance management tools.
  • Penetration testing: A simulated cybersecurity attack on a system, computer network, or web application to detect security vulnerabilities that can be exploited. It is conducted by security experts, who use a variety of tools and techniques to evaluate the security of the target environment and find vulnerabilities.
  • Managed bug bounty program: A community security program that rewards individuals or groups, also known as white hat hackers, for discovering and reporting security vulnerabilities in software or an enterprise system. Rewards can be money, souvenirs or registration forms, creating incentives for white hat hackers to search for and report security holes. The program takes place on WhiteHub, the community security platform developed by CyStack.

Result

We discovered a total of 36 security vulnerabilities across the three applications.

  • Immowise had 16 security vulnerabilities, including 7 high, 6 medium, and 3 low. Common errors were Broken access control and Stored XSS.
  • Eventwise had 14 security vulnerabilities, including 4 high, 9 medium, and 1 low. Common errors were Broken access control and Stored XSS.
  • Partnerwise had 6 security vulnerabilities, including 6 critical. Common errors were Broken access control and Insecure file upload.

In the semi-private session, 12 reports were rewarded, with a total value of 21,500,000 VND. The highest single reward was worth 2,500,000 VND.

Customer Services

Our Engineering and Business Development teams provided dedicated support to ensure the customer's security check process went smoothly. This process includes:

Business Development Team

  • Organize monthly meetings to support requests and explain each error in the report, as well as answer and advise directly on the public group.
  • Promote the bug bounty program on WhiteHub to help customers find more security vulnerabilities.

Security Engineering Team

  • Consult on remediating vulnerabilities in another Eventwise product. This product is deployed by Wise in an on-premise environment for their customers.

About CyStack

CyStack is a cybersecurity company based in Vietnam since 2017. We offer comprehensive solutions, including testing, security consulting, and managed services. With 200+ businesses and 20,000+ users around the world, we are recognized as a trusted partner for organizations and a strong leading firm in cybersecurity research and development.

For more information, please visit: https://cystack.net/

Quotes

“As the cyber admin manager for a State, I had to deal with numerous vulnerabilities throughout product development and operations. These challenging times required relentless efforts to protect our products and preserve our brand reputation.” - Tito Espinoza, CTO of Epwise AG.

“I’m extremely pleased with the exceptional quality and professional working attitude demonstrated by CyStack. Can’t wait for the next cooperation in the future!” – Tito Espinoza, CTO of Epwise AG.

“CyStack understands our pain points and facilitates mitigating them. Thanks to the project, we have achieved a certain level of maturity in designing, releasing, and controlling software vulnerabilities.” – Tito Espinoza, CTO of Epwise AG.
