{{ .Title | default .Site.Title }} Logo

CYBERSECURITY

CryptoCoin.pro became in a very short period one of the best places to buy, sell and store your cryptocurrencies. Working with our customers’ money & cryptocurrencies was from the beginning a great responsibility.


The team is working continuously to release more features, scale the infrastructure and improvefunctionalities and overall experience so in order to mitigate the risks and vulnerabilities that might appear on the way, we started to collaborate with a team of cybersecurity certified experts. Bit Sentinel is a cybersecurity professional service provider with world-wide proven records in penetration testing, secure code review and incident response capabilities.

bit sentinel

The team from Bit Sentinel has a complete skill-set ready to cover every aspect of our cyber security needs. In order to address our main concerns, we took a full grey box security audit, addressing different perspectives:

  • an unauthenticated user that is visiting our website without any inside network knowledge
  • a verified customer without any access to special privileges or inside network knowledge
  • a special privileged user that has access to administrator/support-related functionalities but no inside network knowledge
  • an employee with access to different levels of access in the network
  • a manual full source code review

All the simulated attacks had access only to publicly available information or additional information gathered during the first phases of the engagement.


Every engagement follows some certain steps in order to define expectations and scope:

1

Pre-engagement Interactions when provider understands our main concerns, what we expect from the provider, what are the limitations of engagement

2

Intelligence and Information Gathering & Threat Modeling is the phase when Bit Sentinel gather intelligence to better understand how the define target works and its potential vulnerabilities based on Open Source Intelligence (OSINT) and other in-house developed methodologies

3

Vulnerability Analysis and Exploitation phase is the step when certified security specialists look for weaknesses in existing functionalities, following world-wide recognised standards for each type of asset defined in the scope:

  • - Web Application vulnerabilities
  • - Network assets vulnerabilities
  • - Infrastructure Design issues
  • - Memory-based vulnerabilities
  • - Wi-Fi vulnerabilities
  • - Zero-Day Angle
  • - Physical vulnerabilities
  • - Social engineering
4

Post Exploitation, Pivoting and Privilege Escalation is the phase the provider will address any privilege escalation or lateral movement related activity to check internal security measures or see what an attacker can do once he obtain some elevated privileges

5

Reporting phase is when the provider works at the deliverables that basically contain executive summary, information about the methodology used and tests performed in the engagements, detailed report for each vulnerability discovered including (impact score, the risk explained, how to replicate, how to fix the issue etc) and tactical guidance for immediate improvement and strategic recommendations for long-term enhancements

6

Retesting phase is the final step, when the cyber security provider performs another check to see if the vulnerabilities were fixed, this also helps us track our progress after we’ve implemented the remedial actions they’ve recommended

Eversince, Cryptocoin.pro is monthly reviewing all the code changes to spot potential vulnerabilities in the newly introduced code and fix all the issues reported. After fixing any bug,we also ask Bit Sentinel to perform a retest to make sure we don’t miss anything.


Moreover, Cryptocoin.pro took additional enterprise-level security measures such as safe coin storage, 2 Factor Authentication, fully encryption over data stored and platform security updated to best industry practices.

Despite all the efforts we put in the security of our systems, vulnerabilities might still be present somewhere. If you discovered a potential vulnerability, please contact us and our team will review your report and fix the issue, when appropriate.

AS SEEN IN:

Get started