Cresco is your partner in Blockchain security

Most of the companies rely on APIs without being aware of it. APIs are growing faster than ever, many vulnerabilities come with this fast growth, making API security testing particularly important. In API testing, we ensure that all the interactions in applications in the blockchain ecosystem are secured. In order to do that, we provide a wide range of cybersecurity experts and ethical hacking consultants that will reproduce threat actors' techniques in order to highlight all the vulnerabilities of the API in order to secure them as soon as possible.

Blockchain is an ecosystem that includes a lot of components that need to work together, integration testing is used to test the integration between these components and different parts of the system. In order to be functional in the long run, integration test need to be done properly and frequently, to ensure that all the components are properly integrated. The different APIs associated with these components also need to be tested to ensure their compatibility with each other.

With performance we refer to the applications speed. The performance is based on the size of the network, the sequence of transaction at each node, the transaction process speed, the interfacing of the user/system with the response required from smart contract and transactions are tested in this type of testing. Performance tests are important due to the usual high number of transactions and their size that directly impact the performance of a block (or an application), these tests are critical for a project because they are used to identify hardware and software weak points.

Security testing will go through all the possible known flaws (OWASP guidelines, DDOS, multiple OSI layer flaws, identity layer of blockchain app, zero day,…) in order to identify all the vulnerabilities that can exist in a project. Security testing also covers the authorization and authentication systems in place. In a blockchain environment, security testing also covers the testing of wallet signature methods, private keys/encryptions, consensus algorithms, and application dependencies.

The testing of smart contracts is a mandatory phase of any blockchain project. Smart contracts are software modules on the blockchain that automatically execute transactions. The test of a smart contract has multiple benefits for a project. We will determine and highlight any unexpected behavior, analyze the best practice during the development cycle, implement inconsistency between specification and implementation, review and identify defective design, logic, and access control, check integer overflow, and check known contract vulnerabilities such as loops for miner attacks on timestamp, orders and transaction order dependency (TOD) as well as re-entrance, code injection or performance blocking attack.