Ministry of Commerce, Govt. of India, New Delhi (Government)
Security Audit Clearance of an existing online solution
 

Objective

The Kimberley Process (KP) is a joint government initiative to stop the trade in 'conflict diamonds' and ensure that diamond purchases are not funding violence. India, represented through the Ministry of Commerce, is acting as the KP secretariat in the year 2008.

Our task was to clear the KP website, www.kimberleyprocess.com, of the security threats and vulnerabilities in its code that could leave it prone to successful hacking attempts and to defacement of the website or its content through unlawful means.

Solution

A detailed audit report was provided to us, which contained a list of threats and vulnerabilities that were found in the site in both the public and private access zones. These threats had to be removed before the site could be hosted on NIC servers in India.

The site had been developed in PHP using the 'CodeIgniter' framework, which became a challenge for us because it had its own default settings that at times we could not tamper with or change.

We followed a tailor-made process to make the website free of these vulnerabilities, which included 14 critical issues and involved almost all the pages of the website.

In the process we took care of proper session management, removed all kinds of run-time errors and implemented a foolproof access control management system for authenticating the users of the private domain of the website.

Another important factor was to make sure that cross-site scripting (XSS) and SQL injection attempts are not accepted or performed on the site. Audit trails were implemented for the site to make sure that each visit can be traced to the originating IP.

After a couple of interim audits, the site was finally cleared of all reported vulnerabilities and declared ready to be hosted.

Outcomes

Because the site and its subject are sensitive and involve 72 countries, it was very important that the website remain free from malicious content and hacking attempts at all times, especially when hosted in India, which is known for its contribution to the IT industry globally. We achieved the end objective in a period of 6 weeks.

Performance Update

The site has been live on the WWW at www.kimberleyprocess.com since November 2008 and has been functioning smoothly since then. We intend

 