Is your company's blockchain product secure?
Every project's security requirements evolve over its lifecycle. Jita developed its audit offering to meet these requirements.
Jita offers the following security audit services: smart contracts, new Layer-1 and Layer-2 blockchain protocols, product security audits, penetration testing and red teaming.
You can find some of our audits here.
Smart Contracts Security Audits
Jita Digital has extensive experience in developing, testing, deploying and auditing smart contracts in Solidity, Rust and C++.
Smart contracts are highly exposed to security attacks. By their nature, they are directly accessible to any attacker with an Internet connection. They are difficult to develop, as they often use complex, domain-specific programming languages. Their execution environment is unfamiliar to most developers. The composability of smart contracts opens new opportunities and creates new risks. Finally, they often store and manipulate significant amounts of financial assets, and their actions are final and immutable.
Focus: conditional access control procedures, input validation, system architecture, anti-patterns, test coverage evaluation, reentrancy checks, upgrade risks, assembly.
New Layer 1 and Layer 2 Protocols Security Audits
Are you sure your system is secure? Can it protect all its users, now and in the future? Will timeliness and security promises be met in all cases? What if a malicious client connects to the system?
Focus: system design, verification of consensus algorithms, identification and audit of all possible attack vectors, defense in depth.
Product Security Audits
Full in-depth product audit. Especially useful for complex systems, to verify interactions between all components, all actor actions and operational risks. This type of audit considers the frontend, the backend, the microservices architecture and the deployment mechanisms.
Focus: identification of all components and review of individual specifications. Verification of each component's functional conformity to its specification. Control of third-party dependencies and review of build and deployment systems. Identification and risk evaluation of all potential attack vectors.
Penetration Testing
Is your system safe from unauthorized access? What would happen if one of your users lost their password? Can an end-user take unexpected actions?
Focus: conditional access control procedures, API endpoints, information confidentiality, checks for known vulnerabilities.