One Mount Group
Giải pháp được lựa chọn
VinID là siêu ứng dụng thông minh, giải quyết mọi nhu cầu hàng ngày của người Việt, giúp cuộc sống của họ trở nên tiện lợi và tiết kiệm hơn. Từ ngày 14/07/2021 đến ngày 13/03/2022, CyStack đã triển khai chương trình Bounty cho ứng dụng VINID của One Mount Group. Mục tiêu của dự án nhằm tận dụng sức mạnh từ cộng đồng chuyên gia để kiểm thử ứng dụng hiệu quả hơn. Các chuyên gia đã xâm nhập vào môi trường kiểm thử được cung cấp bởi One Mount và rà soát toàn bộ những lỗi có thể gây nguy hiểm cũng như tiềm ẩn nguy cơ rò rỉ thông tin người dùng trong hệ thống.
Managed Bug Bounty helps OneMount Group enhance the overall security posture of Vinshop & VinID applications while ensuring customer data safety.
September 19, 2019 – OneMount Group (1MG) was established with the vision of advancing Vietnamese economic development by building a technology infrastructure platform for businesses. Thereby, they help businesses create and enhance value for consumers with more cost-competitive products and services. In addition, 1MG is committed to building a strong and sustainable Vietnamese enterprise, providing a conducive environment to nurture and foster startups in the future.
The goal of 1MG is to create Vietnamʼs largest technological ecosystem, providing solutions and services along the entire value chain in the financial services, distribution, real estate, and retail sectors.
With its professional business administration and robust financial backing, 1MG has a competitive edge in attracting and retaining talented Vietnamese individuals from all over the world. This will be a place to connect people and businesses through a combination of technology platforms and financial solutions, offering a seamless digital life experience for the Vietnamese.
“Even with abundant financial resources, there are still numerous challenges in recruiting, building, and maintaining a well-suited security team.” – Mr. Nguyen Thanh Tung, Head of Product Security, OneMount JSC
Over the past few years, the wave of digital transformation has been significantly impacting traditional businesses in Vietnam, exposing them to numerous risks and challenges in cyberspace.
In reality, the emergence of security vulnerabilities is inevitable during the development of technology products. The key is to control and address them in a timely manner. Instead of waiting and fixing flaws on a finished product, OneMount Group aims to focus on developing products with good security architecture from the beginning, which helps to minimize the number of vulnerabilities, save costs and resources for repairs, and optimize the product development process.
However, focusing solely on the initial design phase presents a significant challenge for OneMount, especially when they need to swiftly develop products to gain a competitive edge in the market. Furthermore, the company’s in-house security team has insufficient capacity to meet such goals, nor can halt production to fix any flaws in the products before re-release.
“In Vietnam, organizations face a considerable obstacle when it comes to recruiting cybersecurity professionals. Despite the growing demand, the workforce in this sector remains restricted, especially the scarcity of highly skilled individuals.” according to Mr. Nguyen Huu Trung, Founder & CEO of CyStack.
To ensure both product safety and rapid market access, OneMount Group has adopted crowdsourced security – a harmonious combination to tackle security vulnerabilities throughout the entire product development process.
“I believe it would be better if businesses had a professional in-house security team. However, this is sometimes not feasible in the current context of personnel shortage. Therefore, an alternative approach would be to leverage crowdsourced security.” – Mr. Nguyen Huu Trung, Founder & CEO CyStack
Recognizing the challenges at hand, OneMount Group has sought CyStack’s support with Managed Bug Bounty solution to address outstanding issues.
We connect OneMount with the global security community through WhiteHub – the 1st and the biggest crowdsourced security platform developed by CyStack in Vietnam. Instead of seeking and recruiting talented security personnel for its internal team, CyStack helps OneMount take advantage of the community power to identify and address vulnerabilities in a timely and efficient manner, while also improving its security posture and reducing the risk of cyber attacks and data breaches.
“External experts are highly proactive and possess extensive knowledge of different security vulnerabilities, enabling them to timely and efficiently identify such weaknesses. As a result, the internal security team can concentrate on addressing product-related security issues as quickly as possible before the products are released to the market.” – said the OneMount representative
By leveraging the experienced expert community, OneMount quickly identified vulnerabilities in its web and mobile applications. This enabled the business to timely address critical security issues, safeguarding both its applications and customer data. Additionally, CyStack’s services helped OneMount save time and costs in identifying and addressing security vulnerabilities.
Crowdsourced security has become an inevitable trend of modern security to address the challenges posed by cybersecurity threats, especially in companies having fast product development.
Using Managed Bug Bounty enables the IT team to focus on their primary role in the business. Instead of testing and identifying vulnerabilities, they can concentrate on designing secure systems and providing secure architecture consultations internally, reducing the risk of cyberattacks by 80%. This approach also saves businesses on security expenses, freeing up their resources to invest in product and service development.
Learn more about how Ragnar Corporation has proactively responded to protect the T-Reg application web through the Penetration Testing method. About Ragnar Corporation Co.,Ltd Ragnar Corporation is an information technology start-up, based in Bangkok, Thailand. Ragnar specializes in providing cybersecurity solutions and managing legal processes in the financial industry through technology to companies, businesses and […]
Tìm hiểu thêm về cách Tập đoàn Ragnar đã chủ động ứng phó bảo vệ ứng dụng web T-Reg thông qua phương pháp Kiểm thử xâm nhập (Penetration Testing). Giới thiệu về Ragnar Corporation Co., Ltd Tập đoàn Ragnar là một start-up công nghệ thông tin có trụ sở đặt tại Bangkok, Thái Lan. Ragnar […]
Khám phá những thách thức bảo mật mà các công ty blockchain như Cellframe đã gặp phải và cách họ vượt qua chúng. Giới thiệu về Cellframe Cellframe network là một nền tảng thế open source thế hệ mới, có khả năng mở rộng để xây dựng và kết nối các Blockchain cũng như dịch vụ được […]