The penetration test for Jigstack was performed under our White Box penetration testing service.
As a custom-coded financial application built on the blockchain, it warranted this deep dive into security. We tested the web application, the smart contract integration, and the API. Our testing also extended to load and performance testing, as Jigstack expected a high daily volume of traffic and transactions.
Some of the common vulnerabilities we test for are:
- Remote Code Execution
- SQL Injection
- Path traversal attacks
- File upload vulnerabilities
- Parameter tampering
- Access control flaws
- Transport layer security, business logic, and authentication flaws
- SMTP, Header, and JSON Injection
- XML Injection / Code Execution
However, given the blockchain nature of this client, we also tested for vulnerability classes specific to smart contracts and blockchain deployments, which are commonly exploited in that setting:
- Re-entrancy attacks
- Integer overflow and underflow
- Block gas limit exhaustion
- Front running
Results
We found a number of vulnerabilities across our source code review and penetration tests. Thanks to these discoveries, the team at Jigstack was able to secure the platform against potential malicious actors. Once they had completed patching, we ran full sanity and regression tests to confirm the fixes. The load and performance results also let them scale and prepare for sustained high user traffic.
“Working with Cyrex was an awesome experience all around. Even with timezone differences, communication was smooth and really easy, which is really important when working against a tight deadline. Cyrex’s analysis and tests were all precise and really well explained, without sacrificing agility or comprehensiveness. They also ended up being crucial for the security and performance of our platform, so I can easily say Jigstack is satisfied with the work delivered and we’re keen to work once again with such a talented team.”
Jigstack