Blockchain is a promising technology getting a lot of attention these days; however, organizations are struggling with exactly how it might improve business operations, what the risk implications are, and how to implement it securely.
Security Innovation has been researching and assessing Blockchain technologies for years and can help you answer important questions like:
- “Can my company benefit from Blockchain? Let us help you understand”
- “Considering buying blockchain tech? Let us help you understand the risks”
- “Decided to write a smart contract? Let us train you to build it securely”
Tech Exec Workshop
This ½-day session is aimed at technical executives (CTOs, CIOs, Product Managers, Architects) who are considering blockchain for a specific business application. Our research and testing experience assessing blockchain implementations can help you design the right system and avoid common pitfalls. We can validate assumptions and make actionable recommendations to mitigate risk for the functionality you desire.
This two-day course examines methodologies used when developing smart contracts for Blockchain-enabled Decentralized Applications (DApps). Focus is given to the Ethereum Blockchain and the Solidity development language. Hands-on labs leverage a “capture the flag” platform for practical simulation and testing. After the course, your teams will be able to:
- Understand the benefits and risks of blockchain
- Use DApps built on Ethereum and Web3
- Build and hack a Solidity smart contract
- Smart Contract Code Review
- Integration Testing
- Blockchain Design and Code Review
Smart Contract Capture the Flag (CTF)
This Decentralized Application (DApp) is a series of vulnerable smart contracts with real-life use cases, ranging from decentralized trust funds and open source lottery systems, to ICOs and automated royalty agreements. Each contains a vulnerability commonly found in smart contracts and participants are challenged to exploit them to steal fake testnet ETH and earn points.
Our Staff Expertise
- Security Testing
- Created comprehensive test cases for smart contracts, such as checking for DoS threats in for loops (based on gas limit), use of delegatecall or libraries, missing modifiers after inheritance, and others
- Month-long pen testing project for a popular Blockchain Hardware Wallet
- Delivered multiple penetration tests for DigitalBTC (later renamed DigitalX) regarding platform APIs and integration with the Bitcoin blockchain
- Regular internal “brown bag” sessions on various blockchain topics aimed at sharing expertise amongst our engineers, including test techniques, methodologies, and functionality/security analysis of various blockchain types
- Release of 4 CVEs for critical vulnerabilities in core infrastructure of the Bitcoin mining software
- Several conference presentations describing how an attacker could exploit flaws to bring down the entire Bitcoin Network
- Smart contracts
- Blockchain CTF
SDLC Gap Analysis
A well-defined and secure development process significantly reduces time spent on vulnerability fixes and improves overall throughput. A secure SDLC Gap Analysis identifies key points within your SDLC to introduce or refine security activities. It also provides recommendations for improved tool usage and skills development. The result is a step-by-step roadmap to foster good security habits as part of each team member's behavior.
Experts on Demand (EoD)
Our EoD consultants help overcome knowledge and resource gaps by advising your teams on security topics and/or implementing solutions for you – right when you need them. They serve as both a direct resource for on-demand guidance and as a trusted adviser anticipating your needs.