One Mount Group

CyStack products used


VinID is an application that solves all the daily needs of Vietnamese people, making their lives more convenient and economical. CyStack was engaged by One Mount Group to perform a Bounty program, commonly known as a crowdsourced penetration test, on the VINID applications. The testing was performed from July 14, 2021 to March 13, 2022. The goal of the project is to leverage the power of the expert community to test the application more effectively. Experts have penetrated into the testing environment provided by One Mount and checked all possible vulnerabilities as well as potentially leaking user information in the system.

How OneMount Group Uses Managed Bug Bounty For Application Protection?

Managed Bug Bounty helps OneMount Group enhance the overall security posture of Vinshop & VinID applications while ensuring customer data safety.

How OneMount Group Uses Managed Bug Bounty For Application Protection?

About OneMount Group

September 19, 2019 – OneMount Group (1MG) was established with the vision of advancing Vietnamese economic development by building a technology infrastructure platform for businesses. Thereby, they help businesses create and enhance value for consumers with more cost-competitive products and services. In addition, 1MG is committed to building a strong and sustainable Vietnamese enterprise, providing a conducive environment to nurture and foster startups in the future.

The goal of 1MG is to create Vietnamʼs largest technological ecosystem, providing solutions and services along the entire value chain in the financial services, distribution, real estate, and retail sectors.

With its professional business administration and robust financial backing, 1MG has a competitive edge in attracting and retaining talented Vietnamese individuals from all over the world. This will be a place to connect people and businesses through a combination of technology platforms and financial solutions, offering a seamless digital life experience for the Vietnamese.


Challenges of OneMount

“Even with abundant financial resources, there are still numerous challenges in recruiting, building, and maintaining a well-suited security team.” – Mr. Nguyen Thanh Tung, Head of Product Security, OneMount JSC

Over the past few years, the wave of digital transformation has been significantly impacting traditional businesses in Vietnam, exposing them to numerous risks and challenges in cyberspace.

In reality, the emergence of security vulnerabilities is inevitable during the development of technology products. The key is to control and address them in a timely manner. Instead of waiting and fixing flaws on a finished product, OneMount Group aims to focus on developing products with good security architecture from the beginning, which helps to minimize the number of vulnerabilities, save costs and resources for repairs, and optimize the product development process.

However, focusing solely on the initial design phase presents a significant challenge for OneMount, especially when they need to swiftly develop products to gain a competitive edge in the market. Furthermore, the company’s in-house security team has insufficient capacity to meet such goals, nor can halt production to fix any flaws in the products before re-release.

“In Vietnam, organizations face a considerable obstacle when it comes to recruiting cybersecurity professionals. Despite the growing demand, the workforce in this sector remains restricted, especially the scarcity of highly skilled individuals.” according to Mr. Nguyen Huu Trung, Founder & CEO of CyStack.

To ensure both product safety and rapid market access, OneMount Group has adopted crowdsourced security – a harmonious combination to tackle security vulnerabilities throughout the entire product development process.


CyStack solution

“I believe it would be better if businesses had a professional in-house security team. However, this is sometimes not feasible in the current context of personnel shortage. Therefore, an alternative approach would be to leverage crowdsourced security.” – Mr. Nguyen Huu Trung, Founder & CEO CyStack

Recognizing the challenges at hand, OneMount Group has sought CyStack’s support with Managed Bug Bounty solution to address outstanding issues.

We connect OneMount with the global security community through WhiteHub – the 1st and the biggest crowdsourced security platform developed by CyStack in Vietnam. Instead of seeking and recruiting talented security personnel for its internal team, CyStack helps OneMount take advantage of the community power to identify and address vulnerabilities in a timely and efficient manner, while also improving its security posture and reducing the risk of cyber attacks and data breaches.

“External experts are highly proactive and possess extensive knowledge of different security vulnerabilities, enabling them to timely and efficiently identify such weaknesses. As a result, the internal security team can concentrate on addressing product-related security issues as quickly as possible before the products are released to the market.” – said the OneMount representative

By leveraging the experienced expert community, OneMount quickly identified vulnerabilities in its web and mobile applications. This enabled the business to timely address critical security issues, safeguarding both its applications and customer data. Additionally, CyStack’s services helped OneMount save time and costs in identifying and addressing security vulnerabilities.


Results of OneMount after using CyStack solution

Final Thoughts

Crowdsourced security has become an inevitable trend of modern security to address the challenges posed by cybersecurity threats, especially in companies having fast product development.

Using Managed Bug Bounty enables the IT team to focus on their primary role in the business. Instead of testing and identifying vulnerabilities, they can concentrate on designing secure systems and providing secure architecture consultations internally, reducing the risk of cyberattacks by 80%. This approach also saves businesses on security expenses, freeing up their resources to invest in product and service development.

Other Case Studies

Ragnar Corporation and strong interest in security issues
Case study|
Ragnar Corporation and strong interest in security issues

Learn more about how Ragnar Corporation has proactively responded to protect the T-Reg application web through the Penetration Testing method. About Ragnar Corporation Co.,Ltd Ragnar Corporation is an information technology start-up, based in Bangkok, Thailand. Ragnar specializes in providing cybersecurity solutions and managing legal processes in the financial industry through technology to companies, businesses and […]

Tập đoàn Ragnar và sự quan tâm mạnh mẽ tới các vấn đề về an toàn bảo mật
Case study|
Tập đoàn Ragnar và sự quan tâm mạnh mẽ tới các vấn đề về an toàn bảo mật

Tìm hiểu thêm về cách Tập đoàn Ragnar đã chủ động ứng phó bảo vệ ứng dụng web T-Reg thông qua phương pháp Kiểm thử xâm nhập (Penetration Testing). Giới thiệu về Ragnar Corporation Co., Ltd Tập đoàn Ragnar là một start-up công nghệ thông tin có trụ sở đặt tại Bangkok, Thái Lan. Ragnar […]

Chìa khóa giúp Cellframe đảm bảo an ninh trong ngành công nghiệp blockchain
Case study|
Chìa khóa giúp Cellframe đảm bảo an ninh trong ngành công nghiệp blockchain

Khám phá những thách thức bảo mật mà các công ty blockchain như Cellframe đã gặp phải và cách họ vượt qua chúng. Giới thiệu về Cellframe Cellframe network là một nền tảng thế open source thế hệ mới, có khả năng mở rộng để xây dựng và kết nối các Blockchain cũng như dịch vụ được […]