Exchange Security Audit

The SlowMist security team specializes in traditional network attacks and defenses. The relevant achievements of team members have been highly recognized by the world's leading institutions. Our exchange security audit is more than just a typical network audit: it is built with a unique private key architecture along with years of extensive practical security knowledge. The related security services provided by SlowMist have covered top digital trading platforms in dozens of industries, whether centralized or decentralized.

Security Audit: Our audits cover penetration testing topics in greater depth and detail than other penetration testing services. Through a combination of black box and gray box security audits, we are able to discover vulnerabilities and propose solutions to our clients, as well as provide suggestions for improving security and best security practices to prevent possible security risks in the future. The security audit will provide a more comprehensive practical basis for the construction of the enterprise security system, and we issue a professional Security Audit Report according to the needs of the development team.

Exchange Security Audit Program

| Serial Number | Audit Class | Audit Subclass |
|---|---|---|
| 1 | Open Source Intelligence Gathering | WHOIS information collection |
| | | Real IP discovery |
| | | Subdomain detection |
| | | Mail service detection |
| | | Certificate information collection |
| | | Web services component fingerprint collection |
| | | Port service component fingerprint collection |
| | | Segment C service acquisition |
| | | Personnel structure collection |
| | | GitHub source code leak locating |
| | | Google Hack detection |
| | | Privacy leak discovery |
| 2 | App Security Audit | App environment testing audit |
| | | Code decompilation detection |
| | | File storage security detection |
| | | Communication encryption detection |
| | | Permissions detection |
| | | Interface security test |
| | | Business security test |
| | | WebKit security test |
| | | App cache security detection |
| | | App WebView DOM security test |
| | | SQLite storage security audit |
| 3 | Server Security Configuration Audit | CDN service detection |
| | | Network infrastructure configuration test |
| | | Application platform configuration management test |
| | | File extension resolution test |
| | | Backup, unlinked file test |
| | | Management interface enumeration test |
| | | HTTP method test |
| | | HTTP strict transport security test |
| | | Web front-end cross-domain policy test |
| | | Web security response header test |
| | | Weak password and default password detection |
| | | Management background discovery |
| 4 | Node Security Audit | Node configuration security detection |
| | | Node data synchronization security detection |
| | | Node transaction security audit |
| | | Node communication security detection |
| | | Node open source code security audit |
| 5 | Identity Management Audit | Role definition test |
| | | User registration process test |
| | | Account rights change test |
| | | Account enumeration test |
| | | Weak username policy test |
| 6 | Authentication and Authorization Audit | Password information encrypted transmission test |
| | | Default password test |
| | | Account lockout mechanism test |
| | | Authentication bypass test |
| | | Remember-password function test |
| | | Browser cache test |
| | | Password policy test |
| | | Security question test |
| | | Password reset test |
| | | OAuth authentication model test |
| | | Privilege escalation test |
| | | Authorization bypass test |
| | | Two-factor authentication bypass test |
| | | Hash robustness test |
| 7 | Session Management Audit | Session management bypass test |
| | | Cookie attribute test |
| | | Session fixation test |
| | | Session token leak test |
| | | Cross Site Request Forgery (CSRF) test |
| | | Logout function test |
| | | Session timeout test |
| | | Session token overload test |
| 8 | Input Security Audit | Cross Site Scripting (XSS) test |
| | | Template injection test |
| | | Third-party component vulnerability test |
| | | HTTP parameter pollution test |
| | | SQL injection test |
| | | XXE entity injection test |
| | | Deserialization vulnerability test |
| | | SSRF vulnerability test |
| | | Code injection test |
| | | Local file inclusion test |
| | | Remote file inclusion test |
| | | Command execution injection test |
| | | Buffer overflow test |
| | | Format string test |
| 9 | Business Logic Audit | Interface security test |
| | | Request forgery test |
| | | Integrity test |
| | | Overtime detection |
| | | Interface frequency limit test |
| | | Workflow bypass test |
| | | Application misuse protection test |
| | | Unexpected file type upload test |
| | | Malicious file upload test |
| 10 | Cryptographic Security Audit | Weak SSL/TLS encryption, insecure transport layer protection test |
| | | SSL pinning security deployment test |
| | | Non-encrypted channel transmission of sensitive data test |
| 11 | Hot Wallet Architecture Security Audit | - |
| 12 | Private Key Management System Security Audit | - |
