The Camp BX team has been gearing up for a full security and compliance audit this weekend by securing our codebase and configuration. The third-party independent audit will commence today, so you may see some signs of stress when using http://testnet.CampBX.com/ for test-coin trading.
So what exactly are the auditors testing us for?
All of the top-10 vulnerabilities identified by the OWASP project will be tested. This OWASP awareness document is acknowledged and relied on by organizations worldwide, including the PCI, Dept of Defense, Federal Trade Commission, and countless others. The current top 10 are:
A1: Injection (https://www.owasp.org/index.php/Top_10_2010-A1)
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards
Plus, hundreds of additional vulnerabilities will be tested that did not make the above top-10 list.
We will also undergo a couple of DDoS (Distributed Denial of Service) attacks from the auditor's clouds in the USA and offshore.
And most importantly, we will be tested for security standards compliance with:
1) All U.S. Government requirements for remote vulnerability testing as set forth by the National Infrastructure Protection Center (NIPC).
2) The Payment Card Industry (PCI) Data Security Standard
3) Security scanning requirements of Visa USA's Cardholder Information Security Program (CISP)
4) Visa International's Account Information Security (AIS) program
5) MasterCard International's Site Data Protection (SDP) program
6) American Express' CID security program
7) Discover Card Information Security and Compliance (DISC) program
We will make the findings available to you, so you can form your own informed opinion about security at Camp BX.