EN

Wallet Security Audit

The SlowMist security team is specialize in traditional network attack and defense. The relevant achievements of team members have also been highly recognized by the world's top institutions, but the wallet security is far more than traditional network security. The SlowMist security team has a unique private key architecture in the blockchain world and also has rich and leading practical security experience. The related security services provided by SlowMist have covered the top digital asset trading platforms in dozens of industries, whether centralized or decentralized, and all of the currency supported.Security Audit: It covers the content of penetration testing and is more comprehensive and detailed than penetration testing services. Through a combination of black box and gray boxe, security audits not only discover vulnerabilities and propose solutions to target projects, but also provide suggestions for improving security, or best security practices to prevent possible security risks in the future. The security audit will provide a more comprehensive practical basis for the construction of the enterprise security system, and issue a professional Security Audit Report according to the needs of the development team.

Contact Us

Processing Flow

Serial Number Audit Class Audit Subclass
1 Open Source Intelligence Gathering Whois information collection
Real IP discovery
Subdomain detection
Mail service detection
Certificate information collection
Web services component fingerprint collection
Port service component fingerprint collection
Segment C service acquisition
Personnel structure collection
GitHub source code leak locating
Google Hack detection
Discovery of the privacy leaked
2 App Security Audit App environment testing audit
Code decompilation detection
File storage security detection
Communication encryption detection
Permissions detection
Interface security test
Business security test
WebKit security test
App cache security detection
App Webview DOM security test
SQLite storage security audit
3 Server Security Configuration Audit CDN service detection
Network infrastructure configuration test
Application platform configuration management test
File extension resolution test
Backup, unlinked file test
Enumerate management interface test
HTTP method test
HTTP strict transmission test
Web front-end cross-domain policy test
Web security response head test
Weak password and default password detection
Management background discovery
4 Node Security Audit Node configuration security detection
Node data synchronization security detection
Node transaction security audit
Node communication security detection
Node open source code security audit
5 Identity Management Audit Role definition test
User registration process test
Account rights change test
Account enumeration test
Weak username strategy testing
6 Certification and Authorization Audit Password information encrypted transmission test
Default password test
Account lockout mechanism test
Certification bypass test
Password memory function test
Browser cache test
Password strategy test
Security quiz test
Password reset test
OAuth authentication model test
Privilege escalation test
Authorization bypass test
Two-factor authentication bypass test
Hash robustness test
7 Session Management Audit Session management bypass test
Cookies property test
Session fixation test
Session token leak test
Cross Site Request Forgery (CSRF) test
Logout function test
Session timeout test
Session token overload test
8 Input Security Audit Cross Site Scripting (XSS) test
Template injection test
Third-party component vulnerability test
HTTP parameter pollution test
SQL injection test
XXE entity injection test
Deserialization vulnerability test
SSRF vulnerability test
Code injection test
Local file contains test
Remote file contains test
Command execution injection test
Buffer overflow test
Formatted string test
9 Business Logic Audit Interface security test
Request forgery test
Integrity test
Overtime detection
Interface frequency limit test
Workflow bypass test
Application misuse protection test
Unexpected file type upload test
Malicious file upload test
10 Cryptographic Security Audit Weak SSL/TLS encryption, insecure transport layer protection test
SSL pinning security deployment test
Non-encrypted channel transmission of sensitive data test
Serial Number Audit Class Audit Subclass
1 Transaction Process Security Audit Transaction signature security audit
Transfer security audit
Transaction broadcast audit
2 Private Key/Mnemonic Phrase Security Audit Private Key/Mnemonic generation security audit
Private Key/Mnemonic storage security audit
Private Key/Mnemonic use process security audit
Private Key/Mnemonic backup security audit
Private Key/Mnemonic destroy security audit
Random security audit
Cryptographic security audit
3 Web Front-end Security Audit XSS security Audit
Third-party JS security audit
HTTP Response Header security audit
4 Communications Security Audit Communication encryption security audit
Cross-domain transmission security audit
5 Architecture and Business Logic Security Audit Access control security audit
DApp communication security audit
Business design security audit
Architecture design security audit

Customer Sample

Back To Top