Topic: Camp BX Hacker / Security Audit: Results - page 4. (Read 15921 times)

member
Activity: 98
Merit: 10
all this really means is that the hackers will need to be a little more clever
legendary
Activity: 1106
Merit: 1007
Hide your women
I signed up. Looking forward to your site going live.
newbie
Activity: 46
Merit: 0
Hopefully this encourages other exchanges to add similar security value in order to remain competitive. Overall this should help lift the image of bitcoin trading.

Well done! (and best of luck)
I agree. More openness at the exchanges would be a huge boost to confidence in bitcoin. Competing exchanges should force greater security and transparency.
newbie
Activity: 56
Merit: 0
Hopefully this encourages other exchanges to add similar security value in order to remain competitive. Overall this should help lift the image of bitcoin trading.

Well done! (and best of luck)
member
Activity: 112
Merit: 10
I wonder how Mt Gox would do.
sr. member
Activity: 299
Merit: 250
Hi everyone,
      The results are in!  https://campbx.com/testnet/main.php

We were tested for >1,000 known vulnerabilities specific to our platform and services by McAfee Secure (formerly McAfee Hacker-Safe), who are ranked #1 in the security industry for threat detection.  This is the same auditing service used by well-known brands like Costco, Petco, and Roush Racing for their e-commerce websites.


Here is an executive summary of our results:

OWASP top-10 web vulnerabilities:
    A1: Injection - Pass
    A2: Cross-Site Scripting (XSS) - Pass
    A3: Broken Authentication and Session Management - Pass
    A4: Insecure Direct Object References - Pass
    A5: Cross-Site Request Forgery (CSRF) - Pass
    A6: Security Misconfiguration - Pass
    A7: Insecure Cryptographic Storage - Pass
    A8: Failure to Restrict URL Access - Pass
    A9: Insufficient Transport Layer Protection - Pass
    A10: Unvalidated Redirects and Forwards - Pass

Distributed Denial-of-Service attack: Pass with no noticeable slowdown in response time

All vulnerabilities are classified on a scale of 1-to-5, with 5 being Urgent and 1 being informational.  Camp BX's final scorecard is:
Sev 5: zero
Sev 4: zero
Sev 3: zero
Sev 2: zero
Sev 1: 29
(Sev 1 includes information like "DNS Server detected", "NTP Server detected", "SSL Certificate mismatch on Testnet.CampBX.com"...)


This makes Camp BX the first Bitcoin platform certified for compliance with 7 information and data security standards!

We have also achieved all requirements for the McAfee Secure Trustmark, and on our livenet launch Camp BX platform will proudly wear this badge.  A HUGE thank you to Alex and Yuriy for burning the midnight oil to fix all issues identified, and ensuring that we are able to achieve this crucial certification prior to our launch.


Going forward Camp BX will be re-tested daily for all known vulnerabilities.  We realize that security is a process, and we have put alerts and escalation procedures in place to ensure that anything higher than Sev 1 is fixed within 72 hours.


Thank you and good night,
      Keyur
