Blockchain Penetration Testing

Blockchain Protocol Audit

Cloud Security Audit

dApp Audit

Data Backup

Data Leak

Data Loss Prevention

Device Management

DevSecOps

CyStack Endpoint

Incident Response

Internal Network Audit

Malware Hunting

Managed Bug Bounty

Managed Security Service

On-chain Monitoring

Other

Partnership

Password Manager

Penetration Testing

Performance Testing

Red Teaming

Smart Contract Audit

Secrets Manager

Security Compliance

Security Monitoring

Security Operations Center (SOC)

Security Policy Development

Security Training

Source Code Audit

Trust Center

CyStack VulnScan

Vulnerability Assessment

Vulnerability Management

WhiteHub Bug Bounty

Since January 10, 2022, CyStack performed a security assessment and vulnerability management for Hasaki applications. The system is tested by leading Pen-testers at CyStack and a team of community experts on the WhiteHub platform. The purpose of this project is to identify security weaknesses, provide remedial recommendations, and provide continuous feedback, in order to minimize information security risks on the system at all times.

Từ ngày 10/01/2022, CyStack đã thực hiện đánh giá bảo mật và quản lý lỗ hổng cho các ứng dụng của Hasaki. Hệ thống được kiểm thử bởi các chuyên gia Pen-testers hàng đầu tại CyStack và một nhóm chuyên gia cộng đồng trên nền tảng WhiteHub. Mục đích của dự án này là xác định các điểm yếu về bảo mật, đưa ra các khuyến nghị khắc phục, đồng thời phản hồi liên tục, nhằm giảm thiểu tối đa rủi ro an toàn thông tin trên hệ thống tại mọi thời điểm.

AI Application Security

Large Language Model (LLM) Security

Excessive Agency/Permission Manipulation

LLM Output Handling

Prompt Injection

Training Data Poisoning

Algorithmic Biases

Aggregation Bias

Processing Bias

Application-Level Denial-of-Service (DoS)

App Crash

Malformed Android Intents

Malformed iOS URL Schemes

Critical Impact and/or Easy Difficulty

Excessive Resource Consumption

Injection (Prompt)

High Impact and/or Medium Difficulty

Automotive Security Misconfiguration

Automatic Braking System (ABS)

Unintended Acceleration / Brake

Battery Management System

Firmware Dump

Fraudulent Interface

Injection (Basic Safety Message)

Injection (Battery Management System)

Injection (Disallowed Messages)

Injection (DoS)

Injection (Headlights)

Injection (Powertrain)

Injection (Pyrotechnical Device Deployment Tool)

Injection (Sensors)

Injection (Steering Control)

Injection (Vehicle Anti-theft Systems)

GNSS / GPS

Spoofing

Immobilizer

Engine Start

Infotainment, Radio Head Unit

Code Execution (CAN Bus Pivot)

Code Execution (No CAN Bus Pivot)

Default Credentials

Denial of Service (DoS / Brick)

OTA Firmware Manipulation

Sensitive data Leakage/Exposure

Source Code Dump

Unauthorized Access to Services (API / Endpoints)

RF Hub

CAN Injection / Interaction

Data Leakage / Pull Encryption Mechanism

Key Fob Cloning

Relay

Replay

Roll Jam

Unauthorized Access / Turn On

Roadside Unit (RSU)

Sybil Attack

Blockchain Infrastructure Misconfiguration

Improper Bridge Validation and Verification Logic

Broken Access Control (BAC)

Exposed Sensitive Android Intent

Exposed Sensitive iOS URL Scheme

Insecure Direct Object References (IDOR)

Modify Sensitive Information(Iterable Object Identifiers)

Modify/View Sensitive Information(Complex Object Identifiers GUID/UUID)

Modify/View Sensitive Information(Iterable Object Identifiers)

View Non-Sensitive Information

View Sensitive Information(Iterable Object Identifiers)

Privilege Escalation

Username/Email Enumeration

Non-Brute Force

Broken Authentication and Session Management

Authentication Bypass

Cleartext Transmission of Session Token

Concurrent Logins

Failure to Invalidate Session

Concurrent Sessions On Logout

Long Timeout

On Email Change

On Logout (Client and Server-Side)

On Logout (Server-Side Only)

On Password Reset and/or Change

On 2FA Activation/Change

On Permission Change

SAML Replay

Session Fixation

Local Attack Vector

Remote Attack Vector

Second Factor Authentication (2FA) Bypass

Weak Login Function

Not Operational or Intended Public Access

Other Plaintext Protocol with no Secure Alternative

Over HTTP

Weak Registration Implementation

Client-Side Injection

Binary Planting

No Privilege Escalation

Non-Default Folder Privilege Escalation

Default Folder Privilege Escalation

Cross-Site Request Forgery (CSRF)

Action-Specific

Authenticated Action

Logout

Unauthenticated Action

Application-Wide

CSRF Token Not Unique Per Request

Flash-Based

Cross-Site Scripting (XSS)

Cookie-Based

IE-Only

Off-Domain

Data URI

Referer

Reflected

Non-Self

Self

Stored

Non-Privileged User to Anyone

Privileged User to No Privilege Elevation

Privileged User to Privilege Elevation

CSRF/URL-Based

TRACE Method

Universal (UXSS)

Cryptographic Weakness

Broken Cryptography

Use of Broken Cryptographic Primitive

Use of Vulnerable Cryptographic Library

Incomplete Cleanup of Keying Material

Insecure Implementation

Improper Following of Specification (Other)

Missing Cryptographic Step

Insecure Key Generation

Improper Asymmetric Exponent Selection

Improper Asymmetric Prime Selection

Insufficient Key Space

Insufficient Key Stretching

Key Exchage Without Entity Authentication

Insufficient Entropy

Initialization Vector (IV) Reuse

Limited Random Number Generator (RNG) Entropy Source

Predictable Initialization Vector (IV)

Predictable Pseudo-Random Number Generator (PRNG) Seed

Pseudo-Random Number Generator (PRNG) Seed Reuse

Small Seed Space in Pseudo-Random Number Generator (PRNG)

Use of True Random Number Generator (TRNG) for Non-Security Purpose

Insufficient Verification of Data Authenticity

Cryptographic Signature

Integrity Check Value (ICV)

Key Reuse

Inter-Environment

Intra-Environment

Lack of Perfect Forward Secrecy

Side-Channel Attack

Differential Fault Analysis

Emanations Attack

Padding Oracle Attack

Power Analysis Attack

Timing Attack

Use of Expired Cryptographic Key (or Certificate)

Weak Hash

Lack of Salt

Predictable Hash Collision

Use of Predictable Salt

Data Biases

Pre-existing Bias

Hasaki

Hasaki

Overview

Assessment Checklist

Organization

Deliverables

You are looking for a similar cybersecurity solution?

Protect your system,

protect the future of your business