Tycoon
Audit Projects > Tycoon
Audit Report - Tycoon
Type of audit
Pentest
Language
N/A
Testing method
blackbox
Request date
2021-06-14T17:00:00.000Z
Revision date
2021-10-14T17:00:00.000Z
Status
completed
Target distribution
About Tycoon JSC
Tycoon serves as a secured interface between professional traders and end users. All activities of the traders are monitored via a secured API connection in real time and can be copied to a follower’s portfolio automatically. Each user manages his own investments at his preferred exchange, being able to access his portfolio at any time.
Type
platform
Platform
N/A
Owner
Tycoon JSC
Industry
blockchain
Assessment Checklist
Application Deployment and Configuration
Ensure server configuration, network infrastructure, web applications, files are handled correctly and securely.
User Identity Management
The application manages user identities well and does not cause problems in all use cases.
Authentication mechanism
Make sure the application's authentication mechanism has a reasonable logic, preventing the possibility of authentication bypass.
Decentralization mechanism
Check for privilege escalation, decentralization, or path traversal vulnerabilities.
Session management mechanism
Check for errors related to cookies and sessions.
Input data validation mechanism
Check for Reflected XSS, Stored XSS, SQL injection and other injection errors.
Error control ability
Ensure errors are handled properly and do not expose sensitive information through error notifications.
Encode
Test the application's encryption algorithms.
Business logic of the application
Check application integrity, conflict, and responsiveness.
Client-side issues
Check for security flaws that can be exploited from the client side.
About Penetration Testing Service
Pentest service is a security assessment solution provided by CyStack Security to our customers. In this test, security experts usually try to penetrate to customers’ applications to find vulnerabilities that might be exploited by hackers. The test aims to find as many vulnerabilities as possible, in order to secure networks and applications.
Pentest Tools
