The results are in! https://campbx.com/testnet/main.php
We were tested for >1,000 known vulnerabilities specific to our platform and services by McAfee Secure (formerly McAfee Hacker-Safe), who are ranked #1 in security industry for threat detection. This is the same auditing service used by well-known brands like Costco, Petco, and Roush Racing for their e-commerce websites.
Here is an executive summary of our results:
OWASP top-10 web vulnerabilities:
A1: Injection - Pass
A2: Cross-Site Scripting (XSS) - Pass
A3: Broken Authentication and Session Management - Pass
A4: Insecure Direct Object References - Pass
A5: Cross-Site Request Forgery (CSRF) - Pass
A6: Security Misconfiguration - Pass
A7: Insecure Cryptographic Storage - Pass
A8: Failure to Restrict URL Access - Pass
A9: Insufficient Transport Layer Protection - Pass
A10: Unvalidated Redirects and Forwards - Pass
Distributed Denial-of-Service attack: Pass
with no noticeable slowdown in response time
All vulnerabilities are classified on a scale of 1-to-5, with 5 being Urgent and 1 being informational. Camp BX final scorecard is:
Sev 5: zero
Sev 4: zero
Sev 3: zero
Sev 2: zero
Sev 1: 29
(Sev 1 includes information like "DNS Server detected", "NTP Server detected", "SSL Certificate mismatch on Testnet.CampBX.com"...)This makes Camp BX is the first Bitcoin platform certified for compliance with 7 information and data security standards!
We have also achieved all requirements for the McAfee Secure Trustmark, and on our livenet launch Camp BX platform will proudly wear this badge. A HUGE thank you to Alex and Yuriy for burning the midnight oil to fix all issues identified, and ensuring that we are able to achieve this crucial certification prior to our launch.
Going forward Camp BX will be re-tested daily
for all known vulnerabilities. We realize that security is a process, and we have put together alerts and escalation procedures in place to ensure that anything higher than Sev 1 is fixed within 72 hours.
Thank you and good night,