Business Communication
Project Evaluation
Make a Payment
Perform Security Audit Service
Follow-up Service
| Audit Classification | Audit Category | Audit Subclass |
|---|---|---|
| Production Network Security | DNS Security | DDoS Attack |
| DNS Spoofing | ||
| DNS Redirection | ||
| Load Balancing Strategy | Polling Logic Detection | |
| Firewall Configuration Strategy | Intra-domain Security Strategy | |
| DDoS Defense Strategy | Anti-DDoS Advanced | |
| High Performance Equipment | ||
| CDN Flow Cleaning | ||
| Load Balancing | ||
| Flow Control | ||
| Source Authentication | ||
| Session Mechanism Strategy | ||
| Port Security | Minimize Service Ports | |
| Disable Weak Passwords | ||
| Open SSH Key Login | ||
| Authority Security | Hierarchical Authorization Strategy | |
| CA Certificate/Domain Control | ||
| Personnel Management | ||
| Server Security | Basic configuration security | SSH Private key login |
| Password complex rules | ||
| Prevent root user logging in to SSH | ||
| Modify SSH default port | ||
| Setting up a Jumpserver | ||
| Minimize service ports | ||
| Firewall rules | ||
| Third-party login authentication module | ||
| Logging strategy | ||
| Upgrade and patch strategy | System updates automatically | |
| Application update | ||
| Vulnerability Patch Update | ||
| Third-party module security | Software Vulnerability Review | |
| Encryption defect | ||
| Injection Vulnerability | ||
| Code Vulnerability | ||
| Application Services Security | Security certification signature | |
| Service alarm notification | ||
| Password policy | ||
| Data transmission encryption | ||
| Storage encryption | ||
| Access Control | ||
| Server firewall | ||
| API service security | black and white list of IP | |
| Encrypted connection | ||
| Avoid MITM attacks | ||
| API Injection | ||
| Denial of service attack | ||
| Client connection authentication and authorized access | ||
| WAF service | ||
| Database service security | Certificate encrypted connection | |
| Complex password strategy | ||
| Black and white list of registered addresses | ||
| Configure the Port to Not Allow Public Access | ||
| Multi-replica | ||
| Log retention | ||
| Data Backup | ||
| Software update | ||
| Caching service security | Configure the Port to Not Allow Public Access | |
| Complex password strategy | ||
| Multi-replica | ||
| Data Backup | ||
| encrypted connection | ||
| Update bug patches in a timely manner | ||
| Black and white list of login | ||
| Private key management service security | No open interface | |
| Actively connect external interface to synchronize data | ||
| Data transmission encryption | ||
| Data Backup | ||
| Data encryption storage | ||
| Grab Data to be Signed | ||
| Interface cannot obtain private key data in plain text | ||
| Node service security | IP whitelist restricted access | |
| whitelist restricted access | ||
| Log retention | ||
| Multi-node confirmation data | ||
| Detect if the Program Crashes | ||
| Node upgrade update | ||
| Application security | App running environment security detection strategy | iOS Jailbreak Detection |
| Virtual machine detection | ||
| Android ROOT detection | ||
| App code decompilation strategy | Source code obfuscation | |
| Instruction set obfuscation | ||
| VM Shelling | ||
| Local storage security | Sandbox storage | |
| Key chain security | ||
| Cookie Security | ||
| Cache processing | ||
| Log sensitive information processing | ||
| Communication Security Strategy | Use SSL | |
| Certificate verification | ||
| Authentication and authorization Strategy | Captcha Mechanism Design | |
| Bypassing authentication | ||
| Unauthorized Access | ||
| API Interface Security | Replay Attack | |
| XSS/SQL Injection | ||
| Business Logic Security | Identity Authentication Security | |
| Business Consistent Security | ||
| Business Data Security | ||
| Data Input Format Detection | ||
| Password Recovery Logic | ||
| Confirmation Code Security | ||
| Business Authorization Security | ||
| Business Process Security | ||
| Business Interface Security | ||
| Front-end security | XSS | |
| CSRF | ||
| CORS | ||
| Click Jacking | ||
| Console Code Injection | ||
| Input Security | Command Execution | |
| XXE | ||
| Deserialization | ||
| SSRF | ||
| Overflow | ||
| SQL Injection | ||
| Code Injection | ||
| Template Injection |
| Serial Number | Audit Class | Audit Subclass |
|---|---|---|
| 1 | Static Security Examining | Built-in Function Security |
| Standard Library Security Audit | ||
| Third-party Libraries Security Audit | ||
| Injection Audit | ||
| Serialization Algorithm Audit | ||
| Memory-leak Detection | ||
| Arithmetic Operation Audit | ||
| Resource Consumption Audit | ||
| Exception Handing Audit | ||
| Log Security Audit | ||
| 2 | P2P Security | Number of Node Connections Audit |
| Node Performance Audit | ||
| Message Format Validation | ||
| Communication Encryption Audit | ||
| Alien Attack Audit | ||
| 3 | RPC Security | RPC Permission Audit |
| Malformed Data Request Audit | ||
| Communication Encryption Audit | ||
| CORS Policy Audit | ||
| 4 | Encrypted And Signature Security | Random Number Generation Algorithm Audit |
| Keystore Audit | ||
| Cryptographic Component Call Audit | ||
| Hash Strength Audit | ||
| Length Extension Attack Audit | ||
| Crypto Fuzzing Test | ||
| 5 | Account and Transaction Model Security | Authority Verification Audit |
| Replay Attack Audit | ||
| "False Top-up" Audit | ||
| 6 | System contract security audit | refers to "Smart Contract Security Audit" |
| 7 | Consensus Security | Staking Logic Audit |
| Block Verification Audit | ||
| Merkle-Tree Audit | ||
| 8 | Code Compliance Audit | Code Forking Audit |
| Code Patch Audit | ||
| Roadmap Audit | ||
| Top-up Program Audit |
Copyright © SlowMist Limited. All Rights Reserved. 闽ICP备18006755号 
闽公网安备35020302032841号