Cybersecurity Penetration Testing on the Ethereum Blockchain
Today’s computing environment is dynamic and complex. Demand for cybersecurity professionals exceeds supply as hackers develop ever more advanced schemes that target countless companies, both large and small.
A 2017 Global Information Security Workforce Study (GISWS) joint report from Frost & Sullivan and the International Information System Security Certification Consortium, Inc. (ISC)² forecast that the number of unfilled cybersecurity jobs would reach well over 1.8 million by 2022. Demand resulting from IoT or other smart technology implementations is likely to be part of this cybersecurity growth.
Gartner is predicting that information security will require $93 billion in spending globally during 2018. Any type of company and just about any kind of software could be at risk. When authentication isn’t tamper-proof, or when email or other private data are exposed, a company, whether large or small, could be subject to legal action.
Buglab will offer a unique, competitive, incentivized, and easy-to-use platform to address this widespread and growing business need. Buglab will assist companies, whether in IT, financial services, or in retail, to identify and mitigate cybersecurity gaps they may not (but should) know about.
The Buglab platform detects and remedies vulnerabilities on various business applications, websites, mobile applications, Internet of Things (IoT) devices, and smart contracts by transforming penetration test services into challenges, referred to as contests, for a community of independent information security consultants with certified qualifications.
The solution makes cybersecurity services accessible to even the very smallest enterprises that typically lack both the resources and budget to tackle cybersecurity vulnerabilities using traditional means.
Impacts on Return on Investment (ROI) are difficult to quantify, so it takes time for companies to recognize the need for cybersecurity services.
For all too many enterprises, as well as individuals with any digital assets on their websites (content included), it often takes a breach of their system before they take action to shore up security. Corporations are often aware that their levels of computer security fall short. However, finding and placing qualified cybersecurity professionals is time-intensive and costly. Regulatory requirements to protect personal data add another layer of complexity for cybersecurity solutions.
According to an ETH Zurich conference workshop, by the year 2025 there will be more than 50 billion online devices. A significant portion of the information stored across all of these ecosystems will need protection. The cybersecurity market is likely to grow non-linearly to address needs in this space.
Meanwhile, the victims of cyberattacks rarely advertise that they have been targets unless they must, and data vulnerabilities are rarely the first priority as products get rushed to market, so it is difficult, if not impossible, to get exhaustive statistics about cyberattack details, including their frequency or their impact on ROI. However, one aspect is absolutely certain: the trend is decidedly on the rise, with some widely known geopolitical impacts.
The method offered by Buglab deploys expertise and smart contracts across the blockchain.
A blockchain is a thread of digital records across which different types of data are stored. Together, these distributed (or decentralized) records make up a database similar to the pages of a large ledger book. These virtual ledgers are hosted across many servers, which helps verify and authenticate any given transaction. It is an intense numerical process, across many machines hosted by countless participants, or miners. See also Advantages of Using the Blockchain to Reshape Pentesting.
Yet even on the blockchain, by design a less vulnerable environment than centralized systems, the appeal of monetary gain is enticing attackers. The equivalent of nearly $8 million was stolen from CoinDash in July 2017, all within minutes of the ICO launch, as reported by CoinDesk, an industry publication. CoinDash, which offered an exchange platform for decentralized trading, saw the digital assets siphoned as a hacker simply took over CoinDash’s official website and replaced the corporate Ethereum address with his own Ether wallet address. Participants who believed they were sending Ether to CoinDash were in fact sending it directly to the hacker.
A more recent case was the result of compromised libraries at Parity Wallet. About $300 million in Ether was locked accidentally right after a fix was implemented on a different vulnerability. In the first case, a hacker exploited a vulnerability and walked away with some $32 million. But the drama didn’t end there. As Parity explained it, “It is our current understanding that this vulnerability was triggered accidentally on 6th Nov 2017 … a user deleted the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable and funds frozen since their logic (any state-modifying function) was inside the library”. So, as of early November 2017, those digital assets remained frozen. There have certainly been other claims of stolen assets.
It’s an emerging problem in a rapidly-changing industry. As blockchain is an emerging technology, few of the cases are widely understood.
Traditional options for fighting cybercrime are not feasible for small businesses and organizations. The cost of two common strategies outlined here rapidly becomes out of reach for all but large enterprises.
Penetration tests performed by a cybersecurity consulting firm:
Requires that clients pay for the service in terms of total billable hours, regardless of the test results. The majority of penetration tests performed by consulting firms are done by one, maybe two pentesters. This means that the client is only able to take advantage of the methodology and skillset of two consultants.
Bug Bounty challenges:
Information security researchers are paid on a per-vulnerability-uncovered basis. Companies often end up getting charged to fix issues not entirely consequential to their revenue or customers. This is described in more detail in the next section.
Classic cybersecurity consulting companies often only send reports at the end of their research, often in a text-type format that is difficult to get much out of (Word, Excel, PDF, and the like).
The Buglab platform links organizations that have information security needs, which is just about all of them, with a community of certified cybersecurity penetration testers in an incentivized environment, where testers are rewarded when they uncover system vulnerabilities, ranked by severity and potential impacts. It’s done as a race against time. Importantly, finding unique vulnerabilities is ranked above simply producing a list of issues.
Core Features of the Buglab Platform
The Buglab platform enables customers to either use the mass of pentesters or choose a validated team from a known company. Teams must include no fewer than five pentesters. A variety of customizations are available, specific to your organizational needs. Some of the features envisioned are highlighted next.
Public Contest
Once a company has provided basic information and launched the contest, the community receives a public invitation to participate.
Private Contest
Clients also have the option to choose a select number of pentesters from the community or choose a validated team from a known cybersecurity firm to complete the challenge.
Selection Filters
Clients have the option during a private challenge of selecting pentesters using different filters. These include country, score, skillset, etc.
Triage System
Vulnerabilities reported go through our sorting system to identify duplicates before landing on the customer’s dashboard. The customer is guaranteed to only get notified about relevant submissions.
Reports
The company receives reporting on its security contests. This feature summarizes each contest’s performance and allows the client to graphically compare the security status and progress of its assets.
Client-Managed
The company can choose from three types of contest management (Basic, Pro, and Enterprise). In the case of the latter, the client is responsible for sorting, classifying and grading reports.
Mediation
When a customer opts to manage their challenge themselves, a pentester from the community can ask for mediation from Buglab. This mediation may be required in the event that a pentester deems the score or validation to be inaccurate. A Buglab team can obtain details regarding the cause of the disagreement and evaluate it impartially.
Leaderboard
A dashboard offers ranking of pentesters from the community according to experience and results on the platform. This provides greater visibility for the best pentesters and makes it easier to select participants for a private challenge.
Chat
Every vulnerability report is a chance to engage in conversation with pentesters and to obtain their help fixing it.
Fix Companion
At the Enterprise level, Buglab will verify that the fix has been implemented.
My Conclusion: In today’s situation, everyone is involved in the cyber lifestyle; that’s why there is always a risk of cyber crime, not only to your privacy but also where money is involved, like ICO scams and other ways to gain easy money. There are some hackers who really focus on destroying our cyber world, but worry no more, because I see huge potential in this project to stop the cyber crimes that happen in the cyber world every day! I am really glad that there is a project that focuses on cyber crimes. There are so many bounties or ICOs that have the same, usual project, but this one is unique, so I really recommend everyone fully support BUGLAB and its team for the greater safety of the cyber world! This is not only intended to gain investors but also for people to see clearly how this project could help everyone! :) #BUGLAB for 2018!
If you are a Bounty Hunter and want to participate in or join BUGLAB and its beautiful community, the Bounty is still ongoing! Hurry up and grab your own spot; just click the link below to join!
https://www.buglab.io/bounty/?r=@ljmontero159
There is still more that you need to know about BUGLAB! If you want to be amazed and contribute to this project, just check out these links below:
Bounty: https://bitcointalk.org/index.php?topic=4446991.0
Website: https://buglab.io/
WP: https://buglab.io/assets/docs/Buglab_WhitePaper.pdf
Twitter: https://twitter.com/joinbuglab
FB: https://www.facebook.com/buglab.co
Telegram: https://t.me/buglab
Reddit: https://www.reddit.com/r/buglabProject/
Username: sheynlee18
My BTT Account Link: https://bitcointalk.org/index.php?action=profile;u=2182909
My Telegram: @ljmontero159
-CryptoJhin <3
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://buglab.io/assets/docs/Buglab_WhitePaper.pdf