Author

Topic: Security status in Cryptocurrency exchanges (Read 236 times)

hero member
Activity: 1708
Merit: 606
Buy The F*cking Dip
February 24, 2018, 03:47:13 PM
#6
Really appreciate this type of thread which helps the community be aware of things that go unnoticed. And to think that this is a very serious and important information for all of us but the very first time that I read something regarding the topic pointed out in the OP.

Honestly speaking, I don't know most of the terms in those graphs but what I'm sure of is that those are very important security measures to be used by cryptoexchanges and to see that almost all of them have very low security features implemented are very disheartening. Huge amount of money overflows to those exchanges but they don't use it to improve and secure their platform. Well, I will not be surprised if the number of problematic exchanges will arise in the coming months due to security issues.  Embarrassed
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
February 24, 2018, 01:34:55 PM
#5
I used data from Sqreen.io as mentioned in the OP, and yes it's just surface level security mechanisms so imagine if you check at the heart of the system. For sure you will find some sites prone to other attacks.

What surprised me first was simply the number of cryptocurrency exchanges tested. I couldn't imagine there are at least 140 websites online.
Then was the fact the biggest exchanges are badly graded with a score 3.8 out of 10.
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
February 24, 2018, 09:26:24 AM
#4
You can just google the terms..

That's an interesting graphic. Can you explain what some of the elements mean? What does "strict transport" do, and what are public key pins?


Basically,they're headers.I'm sure you won't understand if you're coming from a non-technical/programming background.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning

@OP these mentioned are just surface level security mechanisms.Pretty sure most of these websites are easily prone to other attacks like SQL Injection etc.What is your source of data for the graphs ?
sr. member
Activity: 456
Merit: 250
February 24, 2018, 06:13:26 AM
#3
That's an good effort to give a perfect information regarding the security factors of several cryptocurrency exchanges that were operating around the globe. Exchange authorities develop the best security features be be more secure, but the hacking and large volume stealing of assets still continues.
legendary
Activity: 1652
Merit: 1088
CryptoTalk.Org - Get Paid for every Post!
February 24, 2018, 06:12:46 AM
#2
That's an interesting graphic. Can you explain what some of the elements mean? What does "strict transport" do, and what are public key pins?

Also, can you list which exchanges have the most security? (perhaps do another graphic scoring the exchanges on each element)
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
February 23, 2018, 04:34:29 PM
#1
I made this graphic using some data from Sqreen. (Yeah, I know it's not a professional one I am usually able to do better but I never tried to use bar graphs or histograms  so I was just playing around)

140 cryptocurrency exchanges have been checked one by one for basic security issues. It doesn't mean these exchanges have vulnerabilities but they should improve some basic security controls



Quote
out of the 140 exchanges we analyzed less than 40% of them are using headers like the Strict-Transport-Security header or the X-XSS-Protection header. 20% expose server information which isn’t a security vulnerability in itself but that clearly shows the low level of security best practices implemented. And 26% of them use frontend libraries with known vulnerabilities. Only 2% implemented a Content-Security-Policy that, if done well, can offer powerful protection against clickjacking or XSS

Jump to: