
Wallet Security Audit

The SlowMist security team specializes in traditional network attack and defense, and the achievements of its team members have been highly recognized by the world's top institutions. Wallet security, however, involves far more than traditional network security. The SlowMist security team has a unique private key architecture in the blockchain world, as well as rich and leading practical security experience. The related security services provided by SlowMist have covered the top digital asset trading platforms in dozens of industries, whether centralized or decentralized, and all of the currencies they support.

Processing Flow

Wallet Security Audit Program

| Serial Number | Audit Class | Audit Subclass |
|---|---|---|
| 1 | Open Source Intelligence Gathering | Whois information collection |
| | | Real IP discovery |
| | | Subdomain detection |
| | | Mail service detection |
| | | Certificate information collection |
| | | Web services component fingerprint collection |
| | | Port service component fingerprint collection |
| | | C-segment service discovery |
| | | Personnel structure collection |
| | | GitHub source code leak discovery |
| | | Google hacking detection |
| | | Privacy leak discovery |
| 2 | App Security Audit | App environment testing audit |
| | | Code decompilation detection |
| | | File storage security detection |
| | | Communication encryption detection |
| | | Permissions detection |
| | | Interface security test |
| | | Business security test |
| | | WebKit security test |
| | | App cache security detection |
| | | App WebView DOM security test |
| | | SQLite storage security audit |
| 3 | Server Security Configuration Audit | CDN service detection |
| | | Network infrastructure configuration test |
| | | Application platform configuration management test |
| | | File extension resolution test |
| | | Backup and unlinked file test |
| | | Management interface enumeration test |
| | | HTTP method test |
| | | HTTP Strict Transport Security test |
| | | Web front-end cross-domain policy test |
| | | Web security response header test |
| | | Weak password and default password detection |
| | | Management background discovery |
| 4 | Node Security Audit | Node configuration security detection |
| | | Node data synchronization security detection |
| | | Node transaction security audit |
| | | Node communication security detection |
| | | Node open source code security audit |
| 5 | Identity Management Audit | Role definition test |
| | | User registration process test |
| | | Account rights change test |
| | | Account enumeration test |
| | | Weak username policy test |
| 6 | Authentication and Authorization Audit | Password information encrypted transmission test |
| | | Default password test |
| | | Account lockout mechanism test |
| | | Authentication bypass test |
| | | Remember-password function test |
| | | Browser cache test |
| | | Password policy test |
| | | Security question test |
| | | Password reset test |
| | | OAuth authentication model test |
| | | Privilege escalation test |
| | | Authorization bypass test |
| | | Two-factor authentication bypass test |
| | | Hash robustness test |
| 7 | Session Management Audit | Session management bypass test |
| | | Cookie attribute test |
| | | Session fixation test |
| | | Session token leak test |
| | | Cross-Site Request Forgery (CSRF) test |
| | | Logout function test |
| | | Session timeout test |
| | | Session token overload test |
| 8 | Input Security Audit | Cross-Site Scripting (XSS) test |
| | | Template injection test |
| | | Third-party component vulnerability test |
| | | HTTP parameter pollution test |
| | | SQL injection test |
| | | XML external entity (XXE) injection test |
| | | Deserialization vulnerability test |
| | | SSRF vulnerability test |
| | | Code injection test |
| | | Local file inclusion test |
| | | Remote file inclusion test |
| | | Command execution injection test |
| | | Buffer overflow test |
| | | Format string test |
| 9 | Business Logic Audit | Interface security test |
| | | Request forgery test |
| | | Integrity test |
| | | Overtime detection |
| | | Interface frequency limit test |
| | | Workflow bypass test |
| | | Application misuse protection test |
| | | Unexpected file type upload test |
| | | Malicious file upload test |
| 10 | Cryptographic Security Audit | Weak SSL/TLS encryption, insecure transport layer protection test |
| | | SSL pinning security deployment test |
| | | Non-encrypted channel transmission of sensitive data test |

Customer Sample