
Topic: Security status in Cryptocurrency exchanges (Read 213 times)

hero member
Activity: 1708
Merit: 606
Buy The F*cking Dip
February 24, 2018, 04:47:13 PM
#6
Really appreciate this type of thread, which helps the community be aware of things that go unnoticed. And to think that this is very serious and important information for all of us, but this is the very first time that I have read something regarding the topic pointed out in the OP.

Honestly speaking, I don't know most of the terms in those graphs, but what I'm sure of is that those are very important security measures to be used by crypto exchanges, and to see that almost all of them have very low security features implemented is very disheartening. Huge amounts of money flow to those exchanges but they don't use it to improve and secure their platform. Well, I will not be surprised if the number of problematic exchanges rises in the coming months due to security issues.
copper member
Activity: 2828
Merit: 4065
Top Crypto Casino
February 24, 2018, 02:34:55 PM
#5
I used data from Sqreen.io as mentioned in the OP, and yes it's just surface level security mechanisms so imagine if you check at the heart of the system. For sure you will find some sites prone to other attacks.

What surprised me first was simply the number of cryptocurrency exchanges tested. I couldn't imagine there are at least 140 websites online.
Then there was the fact that the biggest exchanges are badly graded, with a score of 3.8 out of 10.
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
February 24, 2018, 10:26:24 AM
#4
You can just google the terms..

Quote
That's an interesting graphic. Can you explain what some of the elements mean? What does "strict transport" do, and what are public key pins?


Basically, they're headers. I'm sure you won't understand if you're coming from a non-technical/programming background.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning

@OP these mentioned are just surface-level security mechanisms. Pretty sure most of these websites are easily prone to other attacks like SQL injection etc. What is your source of data for the graphs?
sr. member
Activity: 456
Merit: 250
February 24, 2018, 07:13:26 AM
#3
That's a good effort to give perfect information regarding the security factors of several cryptocurrency exchanges that are operating around the globe. Exchange authorities develop the best security features to be more secure, but the hacking and large-volume stealing of assets still continues.
legendary
Activity: 1652
Merit: 1088
CryptoTalk.Org - Get Paid for every Post!
February 24, 2018, 07:12:46 AM
#2
That's an interesting graphic. Can you explain what some of the elements mean? What does "strict transport" do, and what are public key pins?

Also, can you list which exchanges have the most security? (perhaps do another graphic scoring the exchanges on each element)
copper member
Activity: 2828
Merit: 4065
Top Crypto Casino
February 23, 2018, 05:34:29 PM
#1
I made this graphic using some data from Sqreen. (Yeah, I know it's not a professional one. I am usually able to do better, but I never tried to use bar graphs or histograms, so I was just playing around.)

140 cryptocurrency exchanges have been checked one by one for basic security issues. It doesn't mean these exchanges have vulnerabilities, but they should improve some basic security controls.



Quote
Out of the 140 exchanges we analyzed, less than 40% of them are using headers like the Strict-Transport-Security header or the X-XSS-Protection header. 20% expose server information, which isn’t a security vulnerability in itself but clearly shows the low level of security best practices implemented. And 26% of them use frontend libraries with known vulnerabilities. Only 2% implemented a Content-Security-Policy that, if done well, can offer powerful protection against clickjacking or XSS.
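
The header checks named in the quote above (Strict-Transport-Security, X-XSS-Protection, Content-Security-Policy, exposed server information) can be reproduced against the response headers of a site you operate. This is an added example, not part of the original thread and not Sqreen's code; the finding names, the 180-day HSTS threshold, the `X-Powered-By` check and the sample headers are assumptions made here.

```python
import re

# Constructed sample response headers (not taken from any real exchange).
SAMPLE_WEAK = {"Server": "nginx/1.10.3", "X-Powered-By": "PHP/5.6.30"}
SAMPLE_HARDENED = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-XSS-Protection": "1; mode=block",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Server": "nginx",
}
MIN_HSTS_AGE = 15552000  # 180 days in seconds; threshold is an assumption of this example


def audit_headers(headers):
    """Return a sorted list of finding codes for one HTTPS response's headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("hsts-missing")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("hsts-short-max-age")

    # Counted in the quoted survey; modern browsers have since dropped the XSS auditor.
    if "x-xss-protection" not in h:
        findings.append("xss-protection-missing")

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("csp-missing")
    else:
        directives = {}
        for part in csp.split(";"):
            tokens = part.split()
            if tokens:
                directives.setdefault(tokens[0].lower(), tokens[1:])
        if "frame-ancestors" not in directives:
            findings.append("csp-no-frame-ancestors")  # no clickjacking control
        scripts = directives.get("script-src", directives.get("default-src", []))
        if "'unsafe-inline'" in scripts:
            findings.append("csp-unsafe-inline")  # weakens the XSS protection CSP offers

    for name in ("server", "x-powered-by"):
        if re.search(r"\d+\.\d+", h.get(name, "")):
            findings.append(f"version-exposed:{name}")  # "exposes server information"
    return sorted(findings)
```

`audit_headers(SAMPLE_WEAK)` reports every control as missing plus both version leaks, while `audit_headers(SAMPLE_HARDENED)` returns an empty list.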
