ZONEMINDER CASE STUDY:

Strengthening the Security of the Future

 

 

WWW.ZONEMINDER.COM

 

Providing security is a matter of trust and confidence. ZoneMinder is an open source surveillance software system provider that excels at delivering high-standard, state-of-the-art surveillance camera and related security solutions, which mainly concentrate on functions such as capturing, analyzing, recording and monitoring CCTV or security cameras. ZoneMinder allows you to monitor as you wish, irrespective of the size and scope of the target environment. The application mainly concentrates on home security, theft prevention, industrial and commercial security, and household security surveillance services.

TECHNICAL TALE
Loginsoft is a leading web security assessment company that aims to help on-demand open source applications and firmware discover existing vulnerabilities, and to help the respective organizations with mitigations to fix them.

Loginsoft provides security services such as firmware analysis, malware analysis, binary analysis, IoT security assessment and VAPT, which help our clients discover new vulnerabilities and deviations in their applications.

THE CHALLENGE

To detect the underlying flaws and vulnerabilities, and to raise the security standards of the surveillance application, through deep analysis carried out with a professional approach.

RESULTS
Loginsoft was very successful in its committed security assessment of our client’s application and detected major vulnerabilities such as SQL injections and heap overflows, as well as deviations such as session management flaws. This was a major discovery that helped our client avoid both monetary and security losses. We also suggested the necessary mitigations and security patches for the detected vulnerabilities.

PROJECT GOALS
To provide the best security-based services without any technical obligations or restrictions, increasing the scope of the web application and enhancing its IT security standards through continuous assessments and vulnerability detection research.

APPROACH
Loginsoft successfully executed a professional approach with a team of security experts, who worked extensively to deliver the targets on time with utmost dedication and commitment.

We followed a transparent working model in which we involved our clients in every action we performed and took continuous feedback from them. We also proved that we are at our best when it comes to managing the difference between time zones, achieving the targets before the deadlines.

The entire set of project requirements was assigned to different C++ and PHP programming professionals who are also experts in security research. Loginsoft monitored the work progress regularly. The current set of requirements was broken down into stories or product backlog items. The incremental weekly/monthly reporting allowed us to establish an easy feedback loop with the customer, which helped in gathering effective validation of the requirements throughout the project. Email, Slack, WebEx and JIRA were used for communication and project management.

Core Strategies

  • Performed VAPT (Vulnerability Assessment & Penetration Testing) and binary analysis.
  • Applied DAST (Dynamic Application Security Testing) and SAST (Static Application Security Testing) techniques to achieve our goal.
  • Binary analysis was done to identify potential security weaknesses in binaries.
  • PHP is used for the web application, whereas C++ is used for the binaries.
  • Loginsoft employs various open source tools, including RIPS for the PHP web application, Perl::Critic for assessing Perl scripts, and Cppcheck and Flawfinder for C and C++, the languages used for the binaries.
  • Loginsoft submitted the research reports with CWE classification, along with a prioritization of the risk factors.
  • Loginsoft sends a weekly report sharing the vulnerability findings for the week, and also an executive report at month end.