Security Audit Of Exchange Or ICO. Simple Things You Should Know

Security Audit Of Exchange Or ICO. Simple Things You Should Know
фото показано с : bitcoinist.com

2018-9-28 20:00

Today, crypto companies are beginning to realize that it’s better to spend a sizeable portion of their budget on assessing security than to lose reputation. Nevertheless, the security problem of ICOs and crypto exchanges remains acute. Potential threats to crypto projects and reasons to engage in security testing have become the subject of our conversation with Dmitry Budorin, CEO of Hacken and HackIT 4.0, the annual forum on cybersecurity held in Ukraine.

According to various estimates, up to 90% of crypto-currency applications are experiencing security problems. Why is this happening?

Due to the hype at the end of 2017, when even a project without a single developer, idea and product could make money, most crypto startups, especially from the CIS and Asia, didn’t pay attention to security issues aspiring to launch their products as soon as possible. Now we are witnessing a market decline triggered, among other things, by projects without a real product entering the market. We ended up in crypto Wild West with ignoring the basic things necessary for business development. I’m talking about cyber security as well.

According to Skybox Security report, crypto-miners account for 32% of all cyberattacks in 2018. Are there any protection mechanisms against them?

Stealth mining and malware mining are really big problems. Means of combating them are quite simple: there are plug-ins for disabling scripts on Internet pages. This protects the user from the built-in miners. Don’t install suspicious apps from torrents, which often contain a “payload”.

What other types of attacks, in addition to viruses-miners, are common in crypto?

The most common attacks are directed at the user: gaining access to the user’s PC or malicious software that allows an attack such as man-in-the-browser.

Who should be entrusted with the examination? Hiring experts for audit or checking by yourself?

Of course, to hire specialists! An independent safety assessment is required. It’s necessary at least to run applications and infrastructure pen test and socio-technical assessment of the development team. But ideally, those are going to launch their product have to use the bug bounty and vulnerability reward platform.

What does the evaluation process consist of?

The first stage involves collecting information: obtaining data from the client or other open resources. Then a threat model – a plan for entering the system – is created. Next, the manual and automatic analysis is performed to identify vulnerabilities, after which these ones are exploited to understand how the attackers can use them and whether they are able to damage the system and the company as a whole.

Consequently, a report should appear, where all actions at each stage are documented, as well as recommendations for eliminating the vulnerabilities.

Does the crypto contain mandatory requirements and accepted safety standards?

In case of a decentralized application for receiving funds, the auditor must validate the source code of the contract, confirm that it operates in accordance with the specified public specification, and confirm that there are no errors and “backdoor” for the developer.

The other standards for applications and infrastructure migrate from the industry and are a mix of NIST, PCI DSS and ISO standards.

In your experience, are crypto projects engaged in their security issues? Is it worth to save on security?

We always say: it’s better to spend 15,000 dollars today to assess security and implement compensation measures than to lose reputation, or even business in the future. This view is shared by many crypto projects, dealing with their security in the long term and ordering service packages. Such a project can already be considered as half-valid.

You run HackIT for the fourth year in a row and this year you decided to focus on cybersecurity issues in crypto. Why is there a need for such a topic?

This year, for the first time, we’ll talk about the security of crypto exchanges. Hackers have already stolen millions so we need to change this statistics for the healthy growth of the crypto industry. At HackIT, we’ll hold roundtables with exchanges’ representatives, run a controlled hacking of their systems and talk about safety standards.

The post Security Audit Of Exchange Or ICO. Simple Things You Should Know appeared first on Bitcoinist.com.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Emerald Crypto (EMD) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 4.67 %
Cегодня L: $0 - H: $0
Капитализация $0 Rank 99999
Цена в час новости $ 0.0064455 (-100%)

security crypto audit exchange ico things know

security crypto → Результатов: 126


Amber Group boosts its crypto trading infrastructure security with AnChain.AI

CryptoNinjas » Amber Group boosts its crypto trading infrastructure security with AnChain. AI AnChain. AI, a blockchain data analytics firm providing AI-powered security, risk, and compliance solutions, today announced a new partnership with crypto finance company Amber Group to bring greater transparency and security to its crypto trading platform ecosystem.

2021-2-24 00:36


Фото:

Congressman Tom Emmer praised the SEC for clarifying that Ether is not a security

Congressman Tom Emmer has praised the U.S. Securities and Exchange Commission (SEC) for clarifying that ethereum’s native cryptocurrency, ether, is not a security. As previously reported, the SEC’s director of Corporation Finance, William Hinman, told the audience at the Yahoo! All Markets Summit: Crypto conference last week that “current offers and sales of ether are

2018-6-23 22:16


Japan’s Biggest Crypto Exchange Halts New Account Signups As Regulators Demand Improvements

Japanese cryptocurrency exchange BitFlyer suspended new account registrations on June 21, after regulators demanded it improves its security arrangements. BitFlyer Hit With AML/KYC Cleanup A tweet and statement confirmed the move, which officials implemented as part of a Business Improvement Order from Japan’s Financial Services Authority (FSA).

2018-6-22 13:00


Фото:

Korea begins probe into crypto-currency hacking attacks

Regulation Following the alleged hacks of South Korean crypto exchanges, the government has formally launched an investigation into the cause of the hacks. Japan Confirms Entrance Into the Crypto Space Government’s Response The South Korean government announced on Wednesday, June 20, that it has formally launched an investigation into the cause of the alleged security

2018-6-22 09:11


Фото:

Spacemesh Code Review: PoST Consensus

Actually quite hard to describe from their website what this Spacemesh code review is all about. A post on their page talks about the PoST consensus (more in a second) but the core seems to be that they expect to deliver scaling, security, decentralization (yes, all three) PLUS, wait for it, fairness and inclusiveness, and […] The post Spacemesh Code Review: PoST Consensus appeared first on Crypto Briefing.

2018-6-22 00:35


Фото:

Confirmation Regarding Ripple XRP As A Security, What’s Been Said?

The security debate continues to surround Ripple and Ripple XRP, the native currency to the Ripple network. Very recently, the United States Securities and Exchange Commission (SEC) have spoken out stating that both Bitcoin and Ethereum do not carry the necessary attributes to be considered a security however, there’s still no official news regarding XRP.

2018-6-18 14:00