Blockchain Security Services

Security Audit, Assessment, and Validation

How can I identify and address security flaws in my blockchain solutions?

Unfortunately, just like any other IT solution, blockchain architecture is not inherently secure. Strong security and cryptographic protocols must be built in from the start. When this doesn’t happen, blockchain solutions are just as susceptible to attack and abuse as any other piece of code, database, or in-house written application.

Solution

Just like a peer review for scientific studies, having your blockchain solutions audited for security is an essential part of the development process.

 

For software solutions, we use a combination of manual code review and automated techniques such as fuzzing and dynamic code testing to validate a blockchain application’s countermeasures against an untrusted computing base. Once our testing is complete, we provide you with a full cryptographic gap analysis and thorough breakdown of security and logic flaws in protocols, applications, and software-based crypto storage.

 

The Kudelski Blockchain Security Center also undertakes comprehensive audits to identify security vulnerabilities in hardware solutions such as crypto wallets, crypto-exchanges, hardware security modules (HSMs) and any other custom hardware in the trusted computing base. Our experts highlight security flaws present in microchips and other embedded hardware in order to determine their overall level of security and identify possible improvements. Techniques include fault injection, side channel, photonic emission, invasive circuit editing, and HW/SW reverse engineering.

 

Finally, once all flaws have been uncovered, we help your security developers apply appropriate fixes to your platforms, protocols, apps, and networks. Once the process is complete, you’ll see a dramatic improvement in the security and scalability of your blockchain solutions.

Why Us

Since our inception, Kudelski Security has built a reputation on providing world-class security assessments. Our blockchain security center is staffed by leading security and cryptography experts, and we’ve developed rigorous methodologies for detecting hardware and software vulnerabilities in blockchain technologies.

To find out more about our blockchain security services, or to arrange a consultation, contact us today.

Blog

  • 5 Common CFP Submission Mistakes for Security Conferences
    by Nathan Hamiel on April 2, 2020 at 3:00 pm

    Throughout my years on the review board for Black Hat, I’ve seen quite a few mistakes in submissions. Many of these mistakes are ones I’v […]

  • Tips From Over A Decade of Working Remotely
    by Nathan Hamiel on March 25, 2020 at 4:00 pm

    The presence of COVID-19 has led to some unprecedented times. With a large portion of the workforce now working from home, there are numerous security implications that arise. Our previous post is an extensive FAQ that covers everything you need to know about the cybersecurity concerns and how to address them. Today, we’ll dive into […]

  • Microsoft Type 1 Font Parsing Critical 0-Day Remote Code Execution Vulnerabilities
    by Kudelski Security Team on March 24, 2020 at 9:16 pm

    Summary On March 23rd, 2020 Microsoft publicly disclosed the existence of two critical 0-Day vulnerabilities in all recent versions of the Microsoft Windows operating system. Microsoft is aware of limited targeted attacks that leverage these 0-Day vulnerabilities and has provided guidance on how to temporarily mitigate the exploitation of these unpatched vulnerabilities. Patches for these […]

  • Cybersecurity Concerns with COVID-19
    by Kudelski Security Team on March 18, 2020 at 10:53 pm

    We are having increasing numbers of conversations with clients about cybersecurity and business continuity challenges resulting from the rapid adoption of work-from-home scenarios to combat the spread of COVID-19. Clients are interested in cybersecurity policy updates to improve remote access, and asking for increased employee education around BYOD security, secure WiFi use, basic security hygiene, […]

  • Security Advisory: Microsoft Server Message Block 3 (SMBv3) Remote Code Execution Vulnerability
    by Francisco Donoso on March 12, 2020 at 9:10 am

    Updated on March 12th, 2020: to reflect that Microsoft has now made a patch for the vulnerability available. As such, we’ve updated the advisory reflects updated mitigations.    Summary  On March 10th, a critical Remote Code Execution (RCE) vulnerability in the Microsoft Server Message Block (SMBv3) protocol was inadvertently disclosed. The vulnerability, known as CVE-2020-0796, is caused by how newer Windows operating systems handle certain requests, specifically compressed SMBv3 packets. Microsoft intended to release a patch for this […]

In the Press

Let's Talk