(+84) 247 109 9656

Audit Report - Tycoon

Type of audit

Pentest

Language

N/A

Testing method

blackbox

Request date

2021-06-14T17:00:00.000Z

Revision date

2021-10-14T17:00:00.000Z

Status

completed

Target distribution

About Tycoon JSC

Tycoon serves as a secured interface between professional traders and end users. All activities of the traders are monitored via a secured API connection in real time and can be copied to a follower’s portfolio automatically. Each user manages his own investments at his preferred exchange, being able to access his portfolio at any time.

Type

platform

Platform

N/A

Owner

Tycoon JSC

Industry

blockchain

Assessment Checklist

Overall Security
OWSAP Top 10
Mobile Security

Application Deployment and Configuration

Ensure server configuration, network infrastructure, web applications, files are handled correctly and securely.

User Identity Management

The application manages user identities well and does not cause problems in all use cases.

Authentication mechanism

Make sure the application's authentication mechanism has a reasonable logic, preventing the possibility of authentication bypass.

Decentralization mechanism

Check for privilege escalation, decentralization, or path traversal vulnerabilities.

Session management mechanism

Check for errors related to cookies and sessions.

Input data validation mechanism

Check for Reflected XSS, Stored XSS, SQL injection and other injection errors.

Error control ability

Ensure errors are handled properly and do not expose sensitive information through error notifications.

Encode

Test the application's encryption algorithms.

Business logic of the application

Check application integrity, conflict, and responsiveness.

Client-side issues

Check for security flaws that can be exploited from the client side.

About Penetration Testing Service

Pentest service is a security assessment solution provided by CyStack Security to our customers. In this test, security experts usually try to penetrate to customers’ applications to find vulnerabilities that might be exploited by hackers. The test aims to find as many vulnerabilities as possible, in order to secure networks and applications.

Pentest Tools

CyStack Web Security
Nessus
ZAP
Burp Suite
Nmap
XSS proxy
Curl
wget
Google Hack
Immunity Canvas
Intrigue
Wfuzz
Chrome
SQLninja
and 57 more