
Audit Report - HeroFi

Type of audit

Pentest

Language

N/A

Testing method

blackbox

Request date

2021-12-07T17:00:00.000Z

Revision date

2021-12-15T17:00:00.000Z

Status

completed

Target distribution

About BraveZone Co.Ltd

Bravestars is one of the top game development studios in Vietnam. Starting with 4 young gamers who dreamt of bringing local culture to the world of video games, Bravestars has grown into a team of 60. Throughout the journey, we published more than 70 games with a total of over 300 million downloads and a dozen global feature nominations by Google Play and App Store.

LaunchZone is the first and best incubator on Binance Smart Chain. They currently have 70k holders, 150k followers on Twitter, and 47k members on Telegram. With an amazing community and excellent products, LaunchZone was titled Star Project by Binance Smart Chain. LZ Swap (formerly SwapX) ranks 4th on the list of Top Decentralized Exchanges and ranks 2nd in terms of users (Dapp Radar).

Type

platform

Platform

N/A

Owner

BraveZone Co.Ltd

Industry

blockchain

Assessment Checklist

Overall Security
OWASP Top 10
Mobile Security

Application Deployment and Configuration

Ensure server configuration, network infrastructure, web applications, and files are handled correctly and securely.

User Identity Management

The application manages user identities well and does not cause problems in any use case.

Authentication mechanism

Make sure the application's authentication mechanism has a reasonable logic, preventing the possibility of authentication bypass.

Decentralization mechanism

Check for privilege escalation, decentralization, or path traversal vulnerabilities.

Session management mechanism

Check for errors related to cookies and sessions.

Input data validation mechanism

Check for Reflected XSS, Stored XSS, SQL injection and other injection errors.

Error control ability

Ensure errors are handled properly and do not expose sensitive information through error notifications.

Encode

Test the application's encryption algorithms.

Business logic of the application

Check application integrity, conflict, and responsiveness.

Client-side issues

Check for security flaws that can be exploited from the client side.

About Penetration Testing Service

Pentest service is a security assessment solution provided by CyStack Security to our customers. In this test, security experts try to penetrate customers' applications to find vulnerabilities that might be exploited by hackers. The test aims to find as many vulnerabilities as possible, in order to secure networks and applications.

Pentest Tools

CyStack Web Security
Nessus
ZAP
Burp Suite
Nmap
XSS proxy
Curl
wget
Google Hack
Immunity Canvas
Intrigue
Wfuzz
Chrome
SQLninja
and 57 more