6 May 2021

The Jigstack — Cyrex Partnership

Cyrex joins forces with Jigstack to further enhance security through penetration testing

Earlier this year, Jigstack collaborated with the team at Cyrex on a full penetration test and load test of our services, including the Lemonade platform. For those unfamiliar with Cyrex, they are a company that specializes in secure software development and application penetration testing: a group of cybersecurity professionals with a world-class understanding of programming languages and development culture, founded by award-winning digital security experts Mathieu Huysman and Tim De Wachter.

Security Partnership

Cyrex was founded in 2015 with a vision to help drive innovation and creativity in the tech industry by helping to develop and secure the applications that empower businesses to do and be more. The team's blend of technical expertise and creative thinking leads them to push the boundaries of both cybersecurity and software development, combining the two to build robust security solutions and reliable software that stands the test of time. Kaue, the Lead ETH Dev at Jigstack, worked closely with the Cyrex team during the full penetration and load tests of our services and had this to say about the experience:

"Working with Cyrex was an awesome experience all around. Even with time zone differences, communication was smooth and really easy, which is really important when working against a tight deadline. Cyrex's analysis and tests were all precise and really well explained, without sacrificing agility or comprehensiveness. They also ended up being crucial for the security and performance of our platform, so I can easily say Jigstack is satisfied with the work delivered and we're keen to work once again with such a talented team."

Common Vulnerabilities

Over the course of Cyrex's penetration testing, a variety of vulnerabilities were discovered in our services. The findings were delivered to our team with a comprehensive breakdown of each issue and a list of recommendations for dealing with it. We were extremely impressed with the quality of the vulnerability review and the recommendations they provided. The recommendations have since been integrated into our products. To give a bit more detail on the testing Cyrex performs, they look for common web application vulnerabilities such as:
  • Remote code execution
  • SQL injection
  • Path traversal attacks
  • File upload vulnerabilities
  • Parameter tampering
  • Access control flaws
  • Transport layer security, business logic, and authentication flaws
  • SMTP, header, and JSON injection
  • XML injection / code execution
The testing also covered common smart contract and blockchain vulnerabilities such as:
  • Re-entrancy attacks
  • Integer overflow and underflow
  • Block gas limit exhaustion
  • Front running

Load Testing

For those who are unfamiliar with it, load testing drives a controlled, increasing volume of requests and user interactions at a platform to find when and where the system slows down or fails under a given load. The goal is to exercise the anticipated volumes of interactions ahead of time so that our products and services do not fail under real usage. Cyrex developed load-testing scripts that simulate real user behavior and exercised a variety of functionality, including:
  • Account registration and login
  • Activation of emails
  • Campaign management (create, browse campaigns & transactions)
  • Buying crypto tokens
Through the load testing exercise, Cyrex identified several bottlenecks that limited how much traffic the platform could handle.
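To make the "when and where" concrete, here is an added example of the kind of ramp-up harness a load test like the one described above is built on. It is not Cyrex's script or Jigstack code: the FakePlatform class, its POOL_SIZE write pool, the SERVICE_MS timings and the four flow names are constructed stand-ins for the real API. The harness runs the post's four user flows at increasing concurrency, records per-flow latency and error rate at each level, and reports the first level and flow that breaches the error budget, which is where a real run would point at the saturated resource.

```python
"""Added example: an asyncio concurrency-ramp load test with a constructed target.

Not Cyrex's or Jigstack's code. The FakePlatform below is an assumption: it
stands in for the real API (a real run would make HTTP calls here instead).
"""
import asyncio
import time
from dataclasses import dataclass

# Flows named in the post, walked in order by each simulated user.
FLOWS = ("register_login", "activate_email", "campaigns", "buy_tokens")

# Constructed service times (milliseconds) per flow: an assumption, not measurements.
SERVICE_MS = {"register_login": 5, "activate_email": 2, "campaigns": 4, "buy_tokens": 12}

# Constructed bottleneck: token purchases need a slot in a small write pool
# (think DB connections). This is the resource the ramp is meant to expose.
POOL_SIZE = 8


class FakePlatform:
    """Stand-in target. Rejects token purchases once the write pool is full."""

    def __init__(self):
        self.busy = 0  # slots currently held in the write pool

    async def call(self, flow):
        if flow == "buy_tokens":
            if self.busy >= POOL_SIZE:
                raise RuntimeError("503 write pool exhausted")  # saturated resource
            self.busy += 1
            try:
                await asyncio.sleep(SERVICE_MS[flow] / 1000)
            finally:
                self.busy -= 1
        else:
            await asyncio.sleep(SERVICE_MS[flow] / 1000)


@dataclass
class Sample:
    flow: str
    ms: float
    ok: bool


async def user_session(platform, samples):
    """One simulated user: register/login, activate email, use campaigns, buy tokens."""
    for flow in FLOWS:
        t0 = time.perf_counter()
        ok = True
        try:
            await platform.call(flow)
        except RuntimeError:
            ok = False
        samples.append(Sample(flow, (time.perf_counter() - t0) * 1000, ok))


async def run_level(platform, concurrency):
    """Run `concurrency` user sessions at once and collect every step's sample."""
    samples = []
    await asyncio.gather(*(user_session(platform, samples) for _ in range(concurrency)))
    return samples


def summarize(samples):
    """Per-flow p95 latency (ms) and error rate for one concurrency level."""
    out = {}
    for flow in FLOWS:
        s = [x for x in samples if x.flow == flow]
        lat = sorted(x.ms for x in s)
        p95 = lat[min(len(lat) - 1, int(0.95 * len(lat)))]
        out[flow] = {
            "p95_ms": round(p95, 2),
            "error_rate": round(sum(1 for x in s if not x.ok) / len(s), 3),
        }
    return out


def load_test(levels=(4, 8, 16, 32, 64), max_error_rate=0.01):
    """Ramp concurrency through `levels`.

    Returns (report, first_breach): report maps level -> per-flow summary, and
    first_breach is the (level, flow) that first exceeds the error budget, or None.
    """
    async def go():
        platform = FakePlatform()
        report, first_breach = {}, None
        for n in levels:
            summary = summarize(await run_level(platform, n))
            report[n] = summary
            if first_breach is None:
                for flow, m in summary.items():
                    if m["error_rate"] > max_error_rate:
                        first_breach = (n, flow)
                        break
        return report, first_breach

    return asyncio.run(go())


if __name__ == "__main__":
    report, breach = load_test()
    for level, summary in report.items():
        print(f"{level:>3} users: {summary}")
    print("first breach (level, flow):", breach)
```

Against the constructed target, the three read-mostly flows never fail, while buy_tokens starts returning errors as soon as more users reach it at once than the write pool can hold; the (level, flow) pair the harness returns is the finding a report would carry. Against a real platform, the assertions on error rate and p95 would be the pass/fail criteria, and the same structure lets you add a p95 budget per flow next to the error budget.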

Lemonade — Cyrex Connection

Cyrex determined that the overall security maturity of Lemonade is of a high standard and will meet the risk appetite of any end user. All suggested patches were implemented correctly, and the application and smart contracts were then re-tested and validated by Cyrex's application security experts. Cyrex performed a penetration test on the Lemonade web application, its API, and the accompanying smart contracts. The test ran from the 11th of February 2021 to the 16th of February 2021. During the penetration test, strict protocols, guidelines, and a defined workflow were followed, with several testing frameworks integrated into the process in line with ethical hacking procedures. The process involved an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities.

[Chart: Lemonade server CPU usage during the STAK IDO]

The more users interact with the Lemonade platform, the higher the demand on the server. During the STAK IDO, the CPU usage reading for Lemonade peaked at 174.48 with 1024 users on the site simultaneously. We were more than prepared for this launch, as the IDO traffic represented only 17% of the capacity of Lemonade's servers. As more tokens launch through Lemonade and more users interact with it, we will adjust the server and network capacity accordingly. Whether 1 token is launching or 100, we aim for security, ease of use, and robustness at all times on the Lemonade platform.

Jigstack Cyrex Conclusion

We were thrilled that the team at Cyrex performed penetration testing on the Jigstack protocol, and we are very impressed by the results and by the professionalism they showed throughout the entire testing phase. Here is what Mathieu, COO and Co-Founder at Cyrex, had to say about partnering with us:

"The partnership with JigStack has been excellent throughout the entire collaboration. JigStack consists of a team of talented people with a clear vision. Security is a topic that is taken very seriously at JigStack, in order to protect both their end users and their business. Working with JigStack has been a true pleasure; great communication and clear instructions made it easy to adapt to the needs of JigStack."

Security is of the utmost importance at Jigstack, and having Cyrex alongside us is great news for the future of Jigstack's products. We now have a reliable and professional team of cybersecurity experts by our side!