Hi everyone,
The results are in!
https://campbx.com/testnet/main.php
We were tested for >1,000 known vulnerabilities specific to our platform and services by McAfee Secure (formerly McAfee Hacker-Safe), who are ranked #1 in the security industry for threat detection. This is the same auditing service used by well-known brands like Costco, Petco, and Roush Racing for their e-commerce websites.
Here is an executive summary of our results:
OWASP top-10 web vulnerabilities:
A1: Injection - Pass
A2: Cross-Site Scripting (XSS) - Pass
A3: Broken Authentication and Session Management - Pass
A4: Insecure Direct Object References - Pass
A5: Cross-Site Request Forgery (CSRF) - Pass
A6: Security Misconfiguration - Pass
A7: Insecure Cryptographic Storage - Pass
A8: Failure to Restrict URL Access - Pass
A9: Insufficient Transport Layer Protection - Pass
A10: Unvalidated Redirects and Forwards - Pass
Distributed Denial-of-Service attack:
Pass with no noticeable slowdown in response time
All vulnerabilities are classified on a scale of 1-to-5, with 5 being Urgent and 1 being informational. Camp BX final scorecard is:
Sev 5: zero
Sev 4: zero
Sev 3: zero
Sev 2: zero
Sev 1: 29
(Sev 1 includes information like "DNS Server detected", "NTP Server detected", "SSL Certificate mismatch on Testnet.CampBX.com"...)
This makes Camp BX the first Bitcoin platform certified for compliance with 7 information and data security standards! We have also achieved all requirements for the McAfee Secure Trustmark, and on our livenet launch the Camp BX platform will proudly wear this badge. A HUGE thank you to Alex and Yuriy for burning the midnight oil to fix all issues identified, and ensuring that we are able to achieve this crucial certification prior to our launch.
Going forward, Camp BX will be re-tested daily for all known vulnerabilities. We realize that security is a process, and we have put alerts and escalation procedures in place to ensure that anything higher than Sev 1 is fixed within 72 hours.
Thank you and good night,
Keyur