Epwise AG: Remarkable Efforts In Mitigating Cyber Risks

Scientifically manage security vulnerabilities in systems and networks through a comprehensive vulnerability management platform.

Epwise AG is a Swiss company that provides software solutions to customers across various industries, helping simplify work and improve the customer experience.

Wise is a unique suite of IT services designed by their customers and developed by Wise.swiss, including these applications:

• Immowise is a real estate management application, specifically managing rental buildings and basic activities inside to operate the building such as work, calendars, meetings, personnel, assets, etc.
• Eventwise supports event management of companies and units, such as creating and managing event information; managing event participants; handling related email flows such as invitations and reminders; paying for event tickets; etc.
• Partnerwise helps businesses manage relationships, such as partnership requests, support, and sponsorship. Partnerwise supports creating questionnaire forms to send to partners, scoring/reviewing answers from the form, managing relevant personnel, and assigning personnel to handle each step in the browsing flow, etc.

Operating in the European region, which is known to have extremely strict security regulations and principles such as the General Data Protection Regulation (GDPR), Wise was required to ensure compliance with security standards. Therefore, Wise needed to look for a third party to help them monitor the security of the company's software and applications.

Wise was soon aware of the importance of security solutions to protect company data from potential threats and minimize the consequences. However, building an in-house security team required a significant investment of time and financial resources. After a search process in the European region, Wise decided to choose CyStack, a security company in Vietnam, to accompany this project.

Due to the unique nature of software with many continuous updates, Wise asked for a long-term monitoring and management solution. Wise's suitable solution for the above requirements is Vulnerability Management.

Test object: Web application

Implementation timeline: Divided into two phases, from May 2022 to November 2022 and from December 2022 to May 2023.

During the initial period of the project, only CyStack's team of experts participated in managing the program. Later, CyStack expanded the scale to crowdsourced security on the WhiteHub platform in semi-private. This mode is limited to verified experts who have undergone identity authentication and signed a non-disclosure agreement (NDA) before participating in the program, guaranteeing robust security measures and proactive risk control for Immowise and Eventwise. The program took place in November 2022.

Vulnerability Management includes the following services, reorganized in a more efficient and comprehensive way for businesses.

• Assess security vulnerabilities: Utilize CyStack's developed vulnerability scanning and monitoring tool, CyStack Web Security (CWS). CWS helps scan subdomains and IP addresses in the internal network, as well as detect vulnerabilities using fuzzing techniques and security vulnerability databases. CWS provides a platform to manage, track, prioritize, and recommend actions for findings. CWS can be integrated with CI/CD tools and other performance management tools.
• Penetration testing: A form of simulating a cybersecurity attack on a system, computer network, or web application to detect security vulnerabilities that can be exploited. Conducted by security experts, using a variety of tools and techniques to evaluate the security of the target environment to find vulnerable vulnerabilities.
• Managed bug bounty program: A community security that rewards individuals or groups, also known as white hat hackers, for discovering and submitting reports on security vulnerabilities in a software or enterprise system. Rewards can be money, souvenirs or registration forms, creating incentives for white hat hackers to search and report found security holes. The program takes place on the community security platform developed by CyStack - WhiteHub.

The project helped identify multiple security vulnerabilities across the Immowise, Eventwise, and Partnerwise application groups, including risks with significant potential impact. The findings were concentrated in several common vulnerability categories related to access control, input handling, and file upload mechanisms.

In addition, the semi-private crowdsourced security program also generated a number of valuable reports, helping expand the scope of discovery and improve the overall effectiveness of system protection.

Our Engineering and Business Development teams provided dedicated support to ensure the customer's security check process went smoothly. This process includes:

Business Development Team

• Organize monthly meetings to support requests and explain each error in the report, as well as answer and advise directly on the public group.
• Promote the bug bounty program on WhiteHub to help customers find more security vulnerabilities.

Security Engineering Team

• Provided remediation consulting for vulnerabilities in products that Wise deployed in on-premise environments for the organization’s customers.

CyStack is a cybersecurity company based in Vietnam since 2017. We offer comprehensive solutions, including testing, security consulting, and managed services. With 200+ businesses and 20,000+ users around the world, we are recognized as a trusted partner for organizations and a strong leading firm in cybersecurity research and development.

For more information, please visit: https://cystack.net/

“As the cyber admin manager for a State, I had to deal with numerous vulnerabilities throughout product development and operations. These challenging times required relentless efforts to protect our products and preserve our brand reputation.” - Tito Espinoza, CTO of Epwise AG.

“I’m extremely pleased with the exceptional quality and professional working attitude demonstrated by CyStack. Can’t wait for the next cooperation in the future!” – Tito Espinoza, CTO of Epwise AG.

“CyStack understands our pain points and facilitates mitigating them. Thanks to the project, we have achieved a certain level of maturity in designing, releasing, and controlling software vulnerabilities.” – Tito Espinoza, CTO of Epwise AG.