Topic: A survey on Exchange Security... These are the findings

legendary
Activity: 1498
Merit: 1113
The most alarming point, I think, is this one:

Quote
There’s no correlation between transaction volume and security maturity.

The more volume, the more money they earn and the more money they have to spend to keep the exchange safe.

And I would like to know the names of the worst exchanges. They only posted the top 5.
hero member
Activity: 2576
Merit: 882
Quote
Also, a proper security test seldom needs permission of the site/server... you don't want them to start prepping for an attack, otherwise you don't get real world conditions.

When I used to manage data networks for an investment bank, the IT security officer would hire an external security consultancy to perform penetration and vulnerability testing. We would never know anything about it until the results came back. I'd like to know how many exchanges do the same thing.
hero member
Activity: 2296
Merit: 953
Temporary forum vacation
Thank you for the link. Yes, I think also that many sites and not just exchanges are quite poor at meeting the benchmark levels for good security. And even if they do, the failure point always lies with human error. Mt Gox, for example, just left it all to one person to keep everything on a USB stick. The hacks of Korean exchanges also always happened via the terminals of their employees who got infected with hacker malware and never realized it.

So we still wait for things to move to decentralized exchanges. I wonder when this will come.
legendary
Activity: 2912
Merit: 3603
Quote
Where can I find this survey's details? Looks very interesting and am very curious to see how my favorite exchange rates there. I did not realize that there were more than 100 exchanges. I guessed maybe 50, but seems I do not know everything there is to know about crypto. I am especially interested to find out how the survey captured the data. I think most exchanges would not let anyone just go into their systems to find out about security.

Thank you, Uncle Google: https://blog.sqreen.io/cryptocurrency-exchanges-security/

Posted in January, but with no link to their report, their data collection methods, or anything else, just a sort of bait/shill blog post to buy their security product - which I'm sure most whitehat hackers would be happy to tear apart anyway.

Not saying their findings are complete garbage, they probably are just falsely quantifying the issues that we aren't surprised to know about exchanges: that their security is far below the benchmark required by a business that handles billions of dollars worth of transactions daily (recent reports say the top 10 exchanges make $3 million a day in fees).

Also, a proper security test seldom needs permission of the site/server... you don't want them to start prepping for an attack, otherwise you don't get real world conditions.
hero member
Activity: 2296
Merit: 953
Temporary forum vacation
Where can I find this survey's details? Looks very interesting and am very curious to see how my favorite exchange rates there. I did not realize that there were more than 100 exchanges. I guessed maybe 50, but seems I do not know everything there is to know about crypto. I am especially interested to find out how the survey captured the data. I think most exchanges would not let anyone just go into their systems to find out about security.
newbie
Activity: 64
Merit: 0
SECURITY BEST PRACTICE               %

ddos protection                      80.58%
x-frame-options                      65.47%
strict transport security            39.57%
x-content-type-options               35.25%
x-xss-protection                     29.50%
using vulnerable libraries           25.90%
don't expose server information      20.14%
application security protection      15.11%
content-security-policy              2.16%
public-key-pins                      0.72%

These were the results of a survey done on 140 of the top exchanges and the percentage of them that follow the above security protocols. Safe to say it's better to take control of your crypto if you can!
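
The header rows in the list above can be checked against any site's own HTTP response. This is an added example, not part of the thread or the survey: it grades one response's headers against those rows. The sample headers, the `audit_headers` name, the pass/weak/missing grades and the 180-day HSTS threshold are assumptions.

```python
import re

# Constructed sample: response headers as an HTTP client would return them.
SAMPLE_HEADERS = {
    "Server": "nginx/1.14.0",
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=300",
    "X-Content-Type-Options": "nosniff",
}

MIN_HSTS_AGE = 15552000  # 180 days; this threshold is an assumption, not from the survey


def _hsts_ok(value):
    # HSTS only helps if browsers remember it long enough to cover return visits.
    m = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.I)
    return bool(m) and int(m.group(1)) >= MIN_HSTS_AGE


def _csp_ok(value):
    # A policy that sets neither default-src nor script-src does not restrict scripts.
    names = [d.strip().split(" ")[0].lower() for d in value.split(";") if d.strip()]
    return "default-src" in names or "script-src" in names


# One entry per header row in the list. X-XSS-Protection and Public-Key-Pins
# have since been deprecated by browsers; they are graded only because the
# survey counted them.
CHECKS = {
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "strict-transport-security": _hsts_ok,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-xss-protection": lambda v: v.strip().startswith("1"),
    "content-security-policy": _csp_ok,
    "public-key-pins": lambda v: "pin-sha256=" in v.lower(),
}


def audit_headers(headers):
    """Return {check: 'pass' | 'weak' | 'missing'} for one response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    result = {}
    for name, is_ok in CHECKS.items():
        if name not in h:
            result[name] = "missing"
        else:
            result[name] = "pass" if is_ok(h[name]) else "weak"
    # "Don't expose server information": a version in Server, or any
    # X-Powered-By header, tells a visitor which stack is running.
    leaks = re.search(r"\d", h.get("server", "")) or "x-powered-by" in h
    result["server-info-hidden"] = "weak" if leaks else "pass"
    return result
```

Calling `audit_headers(SAMPLE_HEADERS)` grades the short HSTS lifetime and the versioned `Server` banner as weak, which a presence-only count like the survey's percentages would not distinguish.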