Cresco is your partner in Blockchain security

Blockchain cybersecurity services

Applications using blockchain are often targeted by hackers and can also contain vulnerabilities that can be exploited. The objective of our blockchain pentesters is to lay bare any vulnerabilities or security misconfigurations in the entire environment linked to the blockchain and set up the necessary protections.

Blockchain architecture and compliance

Technically, the blockchain is like a server that keeps all the required information in one place in order to be easy to update. The structure of blockchain technology is represented by a list of blocks that can be stored as a flat file (txt. format) or in the form of a simple database. In the case of the distributed network of blockchain architecture, each collaborator in the network will interact (maintain, approve, and update) the new entries. blockchain systems are controlled by everyone. Each collaborator ensures the results in data validity and security. Blockchain architecture can serve the following purposes :

  • Cost reduction
  • History of data
  • Data validity & security

Multiple blockchain architecture exist :

  • Public blockchain architecture
  • Private blockchain architecture
  • Consortium blockchain architecture

We can provide security services for all the security phases of a blockchain project.

API testing

Most of the companies rely on APIs without being aware of it. APIs are growing faster than ever, many vulnerabilities come with this fast growth, making API security testing particularly important. In API testing, we ensure that all the interactions in applications in the blockchain ecosystem are secured. In order to do that, we provide a wide range of cybersecurity experts and ethical hacking consultants that will reproduce threat actors' techniques in order to highlight all the vulnerabilities of the API in order to secure them as soon as possible.

Integration testing

Blockchain is an ecosystem that includes a lot of components that need to work together, integration testing is used to test the integration between these components and different parts of the system. In order to be functional in the long run, integration test need to be done properly and frequently, to ensure that all the components are properly integrated. The different APIs associated with these components also need to be tested to ensure their compatibility with each other.

Performance testing

With performance we refer to the applications speed. The performance is based on the size of the network, the sequence of transaction at each node, the transaction process speed, the interfacing of the user/system with the response required from smart contract and transactions are tested in this type of testing. Performance tests are important due to the usual high number of transactions and their size that directly impact the performance of a block (or an application), these tests are critical for a project because they are used to identify hardware and software weak points.

Security testing

Security testing will go through all the possible known flaws (OWASP guidelines, DDOS, multiple OSI layer flaws, identity layer of blockchain app, zero day,…) in order to identify all the vulnerabilities that can exist in a project. Security testing also covers the authorization and authentication systems in place. In a blockchain environment, security testing also covers the testing of wallet signature methods, private keys/encryptions, consensus algorithms, and application dependencies.

Smart contract testing

The testing of smart contracts is a mandatory phase of any blockchain project. Smart contracts are software modules on the blockchain that automatically execute transactions. The test of a smart contract has multiple benefits for a project. We will determine and highlight any unexpected behavior, analyze the best practice during the development cycle, implement inconsistency between specification and implementation, review and identify defective design, logic, and access control, check integer overflow, and check known contract vulnerabilities such as loops for miner attacks on timestamp, orders and transaction order dependency (TOD) as well as re-entrance, code injection or performance blocking attack.