Bitcoin Forum
Author Topic: Whitehat Penetration Testing  (Read 1469 times)
crazy_rabbit (OP)
Legendary
Activity: 1204
Merit: 1002

RUM AND CARROTS: A PIRATE LIFE FOR ME
August 17, 2012, 01:18:20 PM
 #1

In light of the number of web services that are starting up and the questionable level of security that they offer, perhaps it would be useful to have some sort of "Whitehat penetration testing" service or bounty. Perhaps sites could submit themselves to being tested by the community (and offering some sort of bounty?) and if the community isn't able to penetrate the site- a sort of 'symbol' or 'seal' could be awarded showing that the site survived penetration testing up till a certain date.

Eventually people will want to know the site they are dealing with is safe, and the endless 'hacks' look bad for us in general.

more or less retired.
paraipan
In memoriam
Legendary
Activity: 924
Merit: 1004

Firstbits: 1pirata
August 17, 2012, 01:31:00 PM
 #2

Agree, how could we achieve doing it safely? Maybe joining a "White Hat Union" or something similar?
They could give their seal of approval to bitcoin websites, dunno, just thinking out loud here.

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
Indemnified
Full Member
Activity: 216
Merit: 100
August 17, 2012, 07:54:35 PM
 #3

This would be a very valuable service, and given the choice of competing web services I would invest in the one that had a Whitehat Penetration Certification. I would pay a reasonable bounty to a Whitehat company to obtain a report on a given web service that I was considering using (the cost would of course have to be spread over a large number of customers because I certainly couldn't afford to individually pay for a penetration test of every web service I was considering using).
Elwar
Legendary
Activity: 3598
Merit: 2386

Viva Ut Vivas
August 17, 2012, 07:57:37 PM
 #4

There are already services out there for this. The company I work for just had a team come in and do this, providing a decent report of vulnerabilities.

Rather than look into the Bitcoin community for this, look into experts who do this for a living every day.

First seastead company actually selling sea homes: Ocean Builders https://ocean.builders  Of course we accept bitcoin.
paraipan
In memoriam
Legendary
Activity: 924
Merit: 1004

Firstbits: 1pirata
August 17, 2012, 08:15:45 PM
 #5

There are already services out there for this. The company I work for just had a team come in and do this, providing a decent report of vulnerabilities.

Rather than look into the Bitcoin community for this, look into experts who do this for a living every day.

Any of them accepting bitcoins? :)

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
kiba
Legendary
Activity: 980
Merit: 1020
August 17, 2012, 08:40:00 PM
 #6

Every member should pay a fee that will be used to raise the bounty price.

For example, gold members pay 20 BTC a month, silver members 5 BTC a month, and bronze members only 1 BTC a month.

If there are 20 members that are gold, that means 400 BTC are contributed each month to the bounty coffer.

crazy_rabbit (OP)
Legendary
Activity: 1204
Merit: 1002

RUM AND CARROTS: A PIRATE LIFE FOR ME
August 17, 2012, 09:51:06 PM
 #7

There are already services out there for this. The company I work for just had a team come in and do this, providing a decent report of vulnerabilities.

Rather than look into the Bitcoin community for this, look into experts who do this for a living every day.

Any of them accepting bitcoins? :)

+1

more or less retired.
Ferroh
Member
Activity: 111
Merit: 100
August 18, 2012, 03:40:15 PM
 #8

I love this idea.

Hopefully sufficient incentives can be provided for capable penetration testers to conduct such a service.
randy-waterhouse
Newbie
Activity: 41
Merit: 0
August 19, 2012, 03:40:41 AM
 #9

Easy. Just put a sufficiently valuable bitcoin private key associated with a bounty somewhere relevant on your system and say "come get it".

NB: Make it a multi-sig (keep one key to yourself) to make sure you get some info about the vulnerabilities in case the penetrators just want to abscond with the loot.
crazy_rabbit (OP)
Legendary
Activity: 1204
Merit: 1002

RUM AND CARROTS: A PIRATE LIFE FOR ME
August 19, 2012, 07:53:35 AM
 #10

Easy. Just put a sufficiently valuable bitcoin private key associated with a bounty somewhere relevant on your system and say "come get it".

NB: Make it a multi-sig (keep one key to yourself) to make sure you get some info about the vulnerabilities in case the penetrators just want to abscond with the loot.


Of course, now they will assume it's a multi-sig key. :-)

But really, this idea is solid- but how do we get someone involved? I think at the start we might have to turn to the community and later on start to think about dedicated professionals in this field. I don't think many firms are interested in turning their attention away from banks and corporations to work on someone's bitcoin website project. :-)

more or less retired.