Security Audit Of Exchange Or ICO. Simple Things You Should Know

 In Exchanges

Today, crypto companies are beginning to realize that it’s better to spend a sizeable portion of their budget on assessing security than to lose reputation. Nevertheless, the security problem of ICOs and crypto exchanges remains acute. Potential threats to crypto projects and reasons to engage in security testing have become the subject of our conversation with Dmitry Budorin, CEO of Hacken and HackIT 4.0, the annual forum on cybersecurity held in Ukraine.

Due to the hype at the end of 2017, when even a project without a single developer, idea and product could make money, most crypto startups, especially from the CIS and Asia, didn’t pay attention to security issues aspiring to launch their products as soon as possible. Now we are witnessing a market decline triggered, among other things, by projects without a real product entering the market. We ended up in crypto Wild West with ignoring the basic things necessary for business development. I’m talking about cyber security as well.

Stealth mining and malware mining are really big problems. Means of combating them are quite simple: there are plug-ins for disabling scripts on Internet pages. This protects the user from the built-in miners. Don’t install suspicious apps from torrents, which often contain a “payload”.

Related Article:  Bitfinex Renews Fiat Deposit System but no Official Bank Announced

The most common attacks are directed at the user: gaining access to the user’s PC or malicious software that allows an attack such as man-in-the-browser.

Of course, to hire specialists! An independent safety assessment is required. It’s necessary at least to run applications and infrastructure pen test and socio-technical assessment of the development team. But ideally, those are going to launch their product have to use the bug bounty and vulnerability reward platform.

The first stage involves collecting information: obtaining data from the client or other open resources. Then a threat model – a plan for entering the system – is created. Next, the manual and automatic analysis is performed to identify vulnerabilities, after which these ones are exploited to understand how the attackers can use them and whether they are able to damage the system and the company as a whole.

Consequently, a report should appear, where all actions at each stage are documented, as well as recommendations for eliminating the vulnerabilities.

In case of a decentralized application for receiving funds, the auditor must validate the source code of the contract, confirm that it operates in accordance with the specified public specification, and confirm that there are no errors and “backdoor” for the developer.

Related Article:  Unwanted Tether (USDT) Leaves Markets through Bitfinex

The other standards for applications and infrastructure migrate from the industry and are a mix of NIST, PCI DSS and ISO standards.

We always say: it’s better to spend 15,000 dollars today to assess security and implement compensation measures than to lose reputation, or even business in the future. This view is shared by many crypto projects, dealing with their security in the long term and ordering service packages. Such a project can already be considered as half-valid.

This year, for the first time, we’ll talk about the security of crypto exchanges. Hackers have already stolen millions so we need to change this statistics for the healthy growth of the crypto industry. At HackIT, we’ll hold roundtables with exchanges’ representatives, run a controlled hacking of their systems and talk about safety standards.

Source link: Click here. Disclaimer:  This is a third-party article. The information on the Verified topics are provided on a strictly "as is," "where is" and "where available" basis. Verified topics expressly disclaim any implied warranties. Note Verified topics do not give any financial advice, for more information see our Acceptance of terms.


Start typing and press Enter to search