Bitcoin Forum
December 13, 2024, 07:19:32 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Someguy's Security Service (For Bitcoin Web Services)  (Read 694 times)
someguy123 (OP)
Sr. Member
****
Offline Offline

Activity: 336
Merit: 254


CEO of Privex Inc. (www.privex.io)


View Profile WWW
September 20, 2014, 01:15:17 PM
 #1

Someguy's Security Service

Are you running a public Bitcoin service? You're a target for millions of hackers.

Do you have cold storage set up properly? Are your servers locked down? Is that developer you just hired really trustworthy?

I'm an expert in security with at least 8 years of security experience, and 5 years of Bitcoin and other CryptoCurrency experience, having worked for private Bitcoin companies building or security enhancing existing web applications in PHP, Ruby, NodeJS and other languages/frameworks.

Some of your options depending on the level of security you're looking for can be:

Internal Security Audit

An internal security audit is the most thorough type of testing (and the most expensive). It involves giving me access to your code base, your servers, and/or other architecture for me to review from within your network.

Testing your code internally will include checking for CSRF (Cross-Site Request Forgery), XSS (Cross-Site Scripting), SQLI (SQL Injection), Race Conditions, and various other types of exploits that could be present. After testing, I write up a report detailing the different sections of the code that are vulnerable, or may be vulnerable, and you can pass this onto your development team, or I can refer you to one of my verified developers who will correct the issues for a further charge.

Testing your server internally will include file/folder permission checks, checking for vulnerable services, hardening configurations for public facing services, and informing you about the risks of your server architecture (such as VPS provider security, improperly firewalled services). If you have a server administration team, I can also question them about their practices and inform them and yourself of security risks caused by them.

External Security Audit

An external security audit is less thorough than the internal one, but cheaper, and still very important. The external security audit involves me attempting to "hack" your web application and server using various techniques and tools. Note: This will all be done with your permission, and will require you to verify that you own the web application and/or server to prevent legal problems.

Testing your web application externally will involve scanning for vulnerable services, checking for CSRF/XSS/SQLI and Race Conditions, although this will be much less thorough than the internal audit, meaning that I may not be able to reveal all possible exploits due to complexity in triggering them which would be revealed by your code.

Payment Architecture Consulting

This is intended for websites which handle a "hot wallet", where Bitcoins or other cryptocurrencies are stored on a server. This does NOT apply to those using BitPay or Coinbase to deal with their payments.

Payment Architecture Consulting involves your developers explaining how user balances are handled, where and how coins are stored for the service, and how any cold wallets are handled. Afterwards, I will question them about any information I need to understand your set-up, and inform them of any changes required to keep user balances safe. The corrections to your architecture can be done by your existing developers (I would provide a thorough report detailing what they need to change), or I can bring in my own verified developers to do the work required for a price (depending on my availability, I might be able to do the corrections myself for a price too)



All services are on a quote basis. Contact me by PM on here, or email info |at| someguy123 dot com


Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!