Services / SECURITY AUDITS
Fintech is a rapidly evolving industry involving complex technologies. Even a highly talented and experienced tech team can gain from independent third-party advice.
Different projects at various points in their lifecycle will have different needs and possibilities. This is why Jita developed its audits offering.
Jita offers a wide range of audits: penetration testing, smart contracts, DLT, architecture reviews, in-depth internal audits.
Is your system safe from third parties? What would happen if one of your users lost their password? Could a rogue user take unexpected actions?
Focus: conditional access control procedures, API endpoints, information confidentiality, checks for known vulnerabilities
Smart contracts are particularly sensitive systems. They are hard to design right, hard to upgrade once deployed, and their fully automated nature makes corrective actions problematic or even impossible in some cases.
Focus: conditional access control procedures, input validation, system architecture, anti-patterns, test coverage evaluation, reentrancy checks, upgrade risks, assembly.
Are you sure your system is secure? Can it protect all its users, now and in the future? Will timeliness and security promises be met in all cases? What if a hostile client connected to the system?
Focus: system design, verification of consensus algorithms, identification and audit of all possible attack vectors, defense in depth.
During your project development, we provide early feedback on your architecture choices. This helps to reduce the attack surface and minimize expensive mistakes by catching potential problems early on.
Focus: identify architecture risks before all code has been implemented, to eliminate many risks at the source.
In-depth internal audits
A full in-depth product audit. Especially useful for complex systems, to verify interactions between all components, all actor actions and operational risks.
Focus: identification of all components and review of individual specifications. Verification of each component's functional conformity to specification. Control of third-party dependencies and review of build and deployment systems. Identification and risk evaluation of all potential attack vectors.