The Strong Interest Of Ragnar Corporation In Security Challenges

Learn more about how Ragnar Corporation has proactively responded to protect the T-Reg application web through the Penetration Testing method.

Ragnar is a technology start-up company in Bangkok, Thailand. Ragnar specializes in providing cybersecurity solutions and managing legal processes in the financial industry through technology for companies, businesses, and organizations in Thailand. Ragnar currently owns 5 different start-up units that are participating in research and development of the end-to-end technology ecosystem.

T-Reg is a platform for organizations within Thailand needing to ensure their compliance with Thailand’s Cybersecurity Law and Personal Data Protection Act (PDPA). Therefore, Ragnar Corporation designed Methodology 3.0 or procedures to comply with the law. The PDPA, also known as the 3E Framework, consists of 3 steps: Educate, Explore, and Execute. This is the first step in implementing the PDPA project using the T-Reg platform, which helps the project to be carried out systematically and allows users to ensure their long-term legal compliance.

With responsibility for managing personal information, Ragnar is well aware of the importance of cybersecurity and places data safety as a top priority. To ensure that the T-Reg system met the highest safety standards, Ragnar decided to partner with an external security agency to conduct a comprehensive review.

Ragnar integrates many AWS services such as Amazon Cognito, Amazon CloudFront, and Amazon S3. Ragnar uses CloudFlare's WAF to control traffic and ensure web application security. Coupled with modern technology like Express.js, Vue.js, and Nginx, Ragnar creates a flexible development environment that delivers a smooth and reliable user experience across the platform.

As a cybersecurity company, Ragnar was soon highly aware of the level of risk that not ensuring data security can affect the business operations of the business as well as its customers. uses the T-Reg platform. In particular, in the past, Mr. Wisutthichart Khemklad - Ragnar DevOps Engineer - encountered an attack from Ransomware, an extremely dangerous encrypted virus, causing the computer owner to lose access to data on the computer. drive, causing great damage to businesses in terms of finance and customer trust.

Ragnar has proactively learned about third-party security units. After searching for many companies from many countries around the world, Ragnar chose CyStack as the security partner for this project.

The solution used is Penetration Testing, following the direction of Gray-box testing following Ragnar's requirements. Gray-box helps assess an organization's vulnerability to internal threats, saving time and optimizing costs for businesses. The Gray-box format helps CyStack localize endpoints that need to be tested, understand business functions quickly, and reduce unnecessary communication.

Implementation time: From June 2023, within 15 days.

Test object: Web application.

Ragnar only requires testing two target modules: User Management and Integration.

Ragnar faced significant challenges related to designing and testing user permissions, especially in the User Management module. All detected errors focus on this type of error, posing serious problems in information security and system security.

With Penetration Testing solution, we have discovered a total of 4 security vulnerabilities: 3 critical and 1 high.

After a thorough consulting process, Ragnar has thoroughly fixed the decentralization loopholes. Thus, allowing users to edit information of equal users and allowing unauthorized users to access functions that require high authorization. This process has helped strengthen and enhance the security of the Ragnar system, providing a safe and reliable usage experience for users.

Ragnar received Cybersecurity Certification from CyStack after a rigorous assessment process based on international standards. This is a testament to high-level compliance with industry-leading cybersecurity standards and guidelines.

The accomplishment of this project would not have been achievable without the robust assistance provided by our Business Development and Security Engineering teams. These two groups have played a vital role, working closely together to guarantee the stable and secure advancement of Ragnar.

Business Development Team: Coordination between the two parties is an important factor to complete the project in a short time and ensure Ragnar's required time. The close integration of our Business Development team and Ragnar has created a productive working environment.

Security Engineering Team: CyStack is focused on ensuring our decentralized design is secure and minimizes risk. Our experts perform thorough testing and evaluation of every aspect of the system to establish robust solutions that ensure authority management is implemented most effectively and safely. This gives Ragnar a reliable decentralized design, preventing any threats that may arise from abuse of user authority.

CyStack is a cybersecurity company based in Vietnam since 2017. We offer comprehensive solutions, including testing, security consulting, and managed services. With over 200 businesses and 20,000 users around the world, we are recognized as a trusted partner for organizations and a strong leading firm in cybersecurity research and development.

For more information, please visit: https://cystack.net/

“Exploring cybersecurity is crucial for safeguarding data, customer information, and countering cyber threats. A robust cybersecurity strategy helps prevent financial losses, preserves the business's reputation, and builds trust with customers, making it an essential component for sustained success in every company.” – Mr. Wisutthichart Khemklad, DevOps Engineer at Ragnar Corporation.

“The quality of work, the professional coordination of the team of experts, the speed of processing, the technical support, the price – all are outstanding. We are looking forward to the next cooperation.” – Mr. Wisutthichart Khemklad, DevOps Engineer at Ragnar Corporation.

“After this collaboration, Ragnar has received a lot of things. A trusted certification from a reputable cybersecurity company, a more secure platform for users, trust from our customers, and new security knowledge.” – Mr. Wisutthichart Khemklad, DevOps Engineer at Ragnar Corporation.