GoStream used CyStack’s service for Vulnerability Management to improve its platform’s endurance against cyber attacks.
Our client
GoStream has been a live broadcasting platform in Vietnam since 2017, connecting businesses and individuals selling online by converting videos into live streaming formats and distributing them on the internet in real-time. GoStream has quickly become a favorite streaming platform in Vietnam and many other countries, attracting more than one million users to date.
Because GoStream stores and processes large amounts of data, and its systems and applications are constantly exposed to the internet, facing cyber threats is inevitable. Recognizing the importance of protecting systems and sensitive data, GoStream is very concerned about security issues. However, with the current staff and resources, the company still cannot meet high security requirements.
On the other hand, to scale the platform, continuous testing and monitoring become essential to manage potential vulnerabilities arising from new upgrades. This is especially important because, with the increase in users joining the platform, GoStream will face a higher risk of security vulnerabilities, thus requiring increased security to deal with threats.
The GoStream application uses a NodeJS back-end and is deployed on cloud infrastructure, mainly AWS. The main business functions of the application include optimizing live video (livestream), automating broadcast schedules on social networking platforms and e-commerce platforms, and setting up minigames that are interactive and entertaining for users to increase sales.
Solution
GoStream understands the risks in cybersecurity that it is facing. After consultation with CyStack, the platform decided to choose the Vulnerability Management solution to improve its platform’s endurance against cyber attacks.
Implementation time: From March 25, 2021 to March 25, 2022.
CyStack performed a security assessment for GoStream’s application infrastructure based on current standards, including a penetration test. All tests were based on NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), and CyStack’s standard framework. Our team of security experts continuously monitored, supervised, and responded to critical threats.
To implement the solution, we supported GoStream in launching and managing bug bounty programs on WhiteHub, the first and biggest crowdsourced security platform in Vietnam, developed by CyStack. The program aims to identify and address security vulnerabilities in a timely and efficient manner, while also providing a safe and secure environment for ethical hackers to report vulnerabilities. This can help the company improve its security posture and reduce the risk of cyber-attacks and data breaches.
By using this service, GoStream’s web application, admin panels, and APIs are monitored 24/7 for cyber threats.
Result
Through the bug bounty program, a total of 77 reports were awarded. The total reward value reached 71,300,000 VND, of which the highest reward was worth 5,000,000 VND.
Total number of vulnerabilities discovered: 13 critical, 22 high, 40 medium, 12 low, and 5 info.
We have fixed the issues:
- 43 Insecure Direct Object References (IDOR) vulnerabilities
- 16 Broken Authentication and Session Management vulnerabilities
Customer Services
CyStack's internal team promptly reported and advised on fixing security vulnerabilities, especially identified issues of high to very high severity. We focus on resolving the problem as soon as it is discovered and provide detailed recommendations on how to deal with similar vulnerabilities that may appear at other connection points in the system.
Besides, CyStack proactively built a comprehensive strategy to prevent and minimize future risks. By focusing on analyzing and fixing vulnerabilities that may appear at different connection points, we ensured that the system not only achieves a high level of security but also maintains stability. These measures and strategies simultaneously contribute to building a safe, reliable, and quality online environment for users of the GoStream application.
About WhiteHub
WhiteHub is a comprehensive cybersecurity management platform that helps businesses effectively protect digital assets, assess security, manage vulnerabilities, and comply with policies.
WhiteHub brings businesses the following benefits:
- Attack Surface Management: WhiteHub is designed to collect and monitor all of an enterprise's digital assets. WhiteHub can automatically and manually detect digital assets, creating a comprehensive system to manage a diverse attack surface. WhiteHub not only helps businesses identify digital assets automatically, but also helps manage diverse aspects of the attack surface, including domains, mobile applications, source code, and third-party applications/mails. This helps businesses optimize the safety and security management process while improving their ability to cope with risks from an increasingly complex online environment.
- Security Audit & Assessment: WhiteHub not only helps businesses collect data from attack surfaces but also performs risk analysis to provide comprehensive security solutions. Activities include automated vulnerability scanning to identify and remediate security weaknesses, penetration testing performed by trusted partners to ensure system security and robustness, and opening a bug bounty program with the participation of more than 3,000 security experts around the world. These activities not only help optimize security but also enhance the ability to deal with increasingly complex threats in the online environment.
- Vulnerability Management: WhiteHub helps businesses approach and handle threats scientifically. This platform allows vulnerability classification according to CWE and VRT standards, helping administrators better understand specific weaknesses in the system. It also evaluates the severity of each vulnerability based on the latest CVSS system, providing a detailed and accurate view of the risk level. WhiteHub's interface also supports teamwork by interacting effectively with partners and team members, facilitating the process of handling vulnerabilities in a coherent and synchronized way.
- Digital Risk Protection: WhiteHub's overall strategy not only focuses on comprehensive data collection from various sources but also focuses on detecting and preventing data leaks and brand counterfeiting. WhiteHub provides automatic processing mechanisms and support services for handling data leaks, ensuring flexibility and efficiency in protecting important business information. In addition, this strategy also aims to protect the business's brand image against online cyber threats, keeping the reputation and trust of customers always maintained and stable.
- Compliance: WhiteHub takes a comprehensive approach to information security by performing compliance assessments against standards such as ISO 27001, HIPAA, GDPR, and PCI DSS. It supports security policy enforcement from network access to software usage, ensuring compliance and effective risk management, and supports publishing security policies, security certificates, and bug bounty programs to the public through websites designed specifically for businesses.
For more information, please visit: https://whitehub.net
About CyStack
CyStack is a cybersecurity company based in Vietnam since 2017. We offer comprehensive solutions, including testing, security consulting, and managed services. With over 200 businesses and 20,000 users around the world, we are recognized as a trusted partner for organizations and a strong leading firm in cybersecurity research and development.
For more information, please visit: https://cystack.net/
Quotes
“The recent wave of cyber attacks serves as a stark reminder for all businesses that have yet to pay much attention to their data security.” – Mr. Nghiem Tien Vien, Founder & CEO GoStream JSC.
“During the work process, we discovered numerous security flaws, cases of fraud, data theft, and critical API leaks. Therefore, CyStack service is a highly valuable resource for businesses specializing in internet services.” – Mr. Nghiem Tien Vien, Founder & CEO GoStream JSC.