Posts

Showing posts from 2018

Security with Block Chain Technology: Part 2

Security Testing on Block Chain
By Samrat Das

Now that we have our fundamentals clear on block chain, let's proceed to the security concepts of block chain penetration testing.

Even though block chain is secured by many conceptualized security controls, there are quite a few places where an attacker can extract information or attack the nodes. A few such attack vectors are:

· Block chain permissions escalation
· Crypto key tampering
· Inappropriate consensus mechanism
· Lack of block chain security program plan
· Lack of block chain integrity
· Lack of malicious code protection
· Misused timestamps
· Genesis block tampering
· Denial of service (DOS) attacks
· Packet sniffing & MITM attacks

To perform a holistic review of block chain technology, we can break our assessment into four parts:

· Design review w

Security with Block Chain Technology: Part 1

Penetration Testing and Security Audit of Block Chain Technology
By Samrat Das

Block chain overview:
Block chain, in the simplest terms, can be defined as a chain of blocks that contain information. Its basic principle relies on timestamping digital documents to prevent backdating or tampering with them.

Why is block chain used?
Block chain is used for the secure transfer of a variety of things, including money, property and contracts, without needing a third-party intermediary such as a bank or government. The downside, or rather advantage, is that once data is recorded inside a block chain, it becomes very difficult to change.

Protocol Concepts:
Block chain is a software protocol which needs the Internet as a medium to run as a meta-technology. It is made up of a database, software and connected computers.

Features of block chain:

· Resilience: Replicated architecture, the advantage of block chain is even in cases of DOS attack