Pentests of Prozorro system’s websites

22 Aug 2021 Author: Sofia Mashchenko

Over the past few years, electronic trading systems have been actively developing in Ukraine, where the state and commercial organizations can sell or buy the necessary goods and services online at specialized electronic auction websites.

The electronic system Prozorro became a unified system for public procurement. The main principle of this electronic system is transparency. This means openness, publicity, and accessibility of information about procurement by government agencies, enterprises, and organizations.

The efficiency of this system is unofficially confirmed by the corrupt officials themselves, whose incomes, according to their reports, fell at least twice with the advent of the Prozorro system.

It looks like the authors of the system have successfully chosen its name, which is a play on words: the Ukrainian word “transparent” and the name of the hero “Zorro”. In any case, the effectiveness of the system in the fight against corruption is obvious.

Considering our values, we could not stay away from modern socio-economic processes and decided to help the Prozorro system. We have improved the security of several tender websites. Let’s talk about this in detail.

How does the Prozorro system work? Customers publish tender announcements in the Prozorro system and suppliers submit their commercial proposals. The interaction takes place through the electronic auction module, which the customers and suppliers get access to through electronic platforms authorized by the Prozorro system. Examples of such websites are: zakupivli24.pb.ua, playtender.com.ua, newtend.com, public-bid.com.ua.

An important criterion for the operation of the Prozorro system is the security and protection of all bidders. In this regard, requirements and rules have been created for electronic trading platforms wishing to cooperate with the Prozorro system. One of the requirements is to conduct penetration testing with certain parameters.

H-X Technologies specialists have successfully tested the security of several electronic trading platforms connected to the state system Prozzoro.

Thanks to the performed work, our customers were able to obtain permission to work with the state electronic commerce system, and also received confidence in the future and a new solid status of successfully passed pentest.

Considering the gained experience, we invite all types of tender sites (Prozorro, corporate, independent, etc.) to cooperate. Except pentests and audits of different kinds, we also build information security management systems (ISMS) for electronic procurement systems and help ensure security at each stage of their operation.

Other posts

30/11/2024
Artificial Intelligence Security
10/11/2024
How to protect and teach how to protect logins to systems