Dilum Bandara, PhD
• DApp architecture
• Transaction (TX) functional testing
• Smart Contract (SC) security
• Blockchain platform
• Infrastructure – especially for private & consortium chains
• SC language & execution-environment
• Integration with external systems
• Data management
• Cryptography & Key management
• Access control & KYC
• Scalability & Performance
• Privacy
• Business continuity & Disaster recovery
• Governance & compliance
2
• Race conditions
• Reentrancy
• Cross-function race conditions
• Deadlocks
• Denial of Service (DoS)
• Unexpected throw
• Gas limit – SC calls & block
• Arithmetic overflow/underflow
• Timestamp & block number dependence
• TX order dependence (front running)
• Access control
• SC language specific behaviour
• In Solidity, SC owner is set at time of initialization
• Short address attack in EVM
3
4
• Code smells – symptoms in the code that possibly indicate deeper problems
5
[1] Chen, Jiachi, Xin Xia, David Lo, John Grundy, Daniel Xiapu Luo, and Ting Chen. “Domain Specific Code Smells in Smart Contracts,” arXiv preprint arXiv:1905.01467 (2019).
• Static
• Code-level
• Binary-level
• Dynamic
• Real-time
• Historical data
• Blackbox, Graybox, vs. Whitebox testing
6
• Fuzzing SCs for vulnerability detection
• Fuzz testing
• Automated testing by providing invalid, unexpected, or random data as inputs
• Set of test oracles
• Gasless send
• Exception disorder
• Reentrancy
• Timestamp dependency
• Block number dependency
• Dangerous delegate calls
• Freezing Ether
[2] Jiang, Bo, Ye Liu, and W. K. Chan. “ContractFuzzer: Fuzzing smart contracts for vulnerability detection,” In Proc. 33rd ACM/IEEE Intl. Conf. on Automated Software Engineering, pp. 259-269. 2018.
7
• Testing
• With 6,991 SCs
• Better performance than Oyente
• Critique
• + Dynamic testing
• - High rate of false negatives
• - Depends on quality of test oracles
• - Offline EVM
8
• Mutation testing – Fault-based software testing technique
• Used to evaluate the adequacy of test cases
[3] Wu, Haoran, Xingya Wang, Jiehui Xu, Weiqin Zou, Lingming Zhang, and Zhenyu Chen. “Mutation testing for ethereum smart contract,” arXiv preprint arXiv:1908.03707 (2019).
9
• 10 general mutation operations
• 15 SC specific mutation operations
• Mutation Score (MS) → Goodness of test coverage
10
• Critique
• + Works on SCs as they are small
• + Dynamic testing
• - Too many false positives
• - Too many cases to test
• - Depends on mutation operators
11
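The mutation score from the slides above, worked through as an added example (not from the deck or from the tool in [3]): a Python model of a token `transfer` function is mutated one site at a time, and MS = killed mutants / total mutants is computed for a weak and a strong test suite. The modelled function, the three operators (relational swap, arithmetic swap, guard removal standing in for a dropped `require`) and the tests are assumptions constructed for illustration.

```python
import ast

# Constructed model of a token transfer (stands in for a Solidity function).
CONTRACT_SRC = '''
def transfer(balances, sender, recipient, amount):
    if amount <= 0:                        # guard, like require(amount > 0)
        return False
    if balances.get(sender, 0) < amount:   # guard, like require(balance >= amount)
        return False
    balances[sender] = balances.get(sender, 0) - amount
    balances[recipient] = balances.get(recipient, 0) + amount
    return True
'''

# Illustrative mutation operators (not the operator set of the cited paper).
REL_SWAP = {ast.Lt: ast.LtE, ast.LtE: ast.Lt, ast.Gt: ast.GtE, ast.GtE: ast.Gt}
ARITH_SWAP = {ast.Add: ast.Sub, ast.Sub: ast.Add}


class SingleMutation(ast.NodeTransformer):
    """Applies exactly one mutation: the site whose index equals `target`."""

    def __init__(self, target):
        self.target, self.seen, self.applied = target, 0, None

    def _hit(self, label):
        hit = self.seen == self.target
        self.seen += 1
        if hit:
            self.applied = label
        return hit

    def visit_Compare(self, node):
        self.generic_visit(node)
        op = type(node.ops[0])
        if op in REL_SWAP:
            new = REL_SWAP[op]
            if self._hit(f"line {node.lineno}: {op.__name__} -> {new.__name__}"):
                node.ops[0] = new()
        return node

    def visit_BinOp(self, node):
        self.generic_visit(node)
        op = type(node.op)
        if op in ARITH_SWAP:
            new = ARITH_SWAP[op]
            if self._hit(f"line {node.lineno}: {op.__name__} -> {new.__name__}"):
                node.op = new()
        return node

    def visit_If(self, node):
        self.generic_visit(node)
        if self._hit(f"line {node.lineno}: guard removed"):
            node.test = ast.Constant(value=False)
        return node


def compile_transfer(tree):
    ns = {}
    exec(compile(ast.fix_missing_locations(tree), "<contract>", "exec"), ns)
    return ns["transfer"]


def make_mutants():
    counter = SingleMutation(target=-1)      # target -1 never hits: counts sites only
    counter.visit(ast.parse(CONTRACT_SRC))
    mutants = []
    for i in range(counter.seen):
        m = SingleMutation(target=i)
        tree = m.visit(ast.parse(CONTRACT_SRC))
        mutants.append((m.applied, compile_transfer(tree)))
    return mutants


def passes(transfer, suite):
    try:
        for test in suite:
            test(transfer)
        return True
    except Exception:                        # failed assertion or crash kills the mutant
        return False


def mutation_score(suite):
    """Return (killed, total, labels of surviving mutants) for a test suite."""
    if not passes(compile_transfer(ast.parse(CONTRACT_SRC)), suite):
        raise ValueError("suite must pass on the unmutated code")
    mutants = make_mutants()
    survivors = [label for label, fn in mutants if passes(fn, suite)]
    return len(mutants) - len(survivors), len(mutants), survivors


def t_happy_path(transfer):
    b = {"alice": 100}
    assert transfer(b, "alice", "bob", 30) is True
    assert b == {"alice": 70, "bob": 30}

def t_zero_rejected(transfer):
    b = {"alice": 100}
    assert transfer(b, "alice", "bob", 0) is False and b == {"alice": 100}

def t_full_balance(transfer):
    b = {"alice": 100}
    assert transfer(b, "alice", "bob", 100) is True
    assert b == {"alice": 0, "bob": 100}

def t_overdraft_rejected(transfer):
    b = {"alice": 100}
    assert transfer(b, "alice", "bob", 101) is False and b == {"alice": 100}

WEAK_SUITE = [t_happy_path]
STRONG_SUITE = [t_happy_path, t_zero_rejected, t_full_balance, t_overdraft_rejected]

if __name__ == "__main__":
    for name, suite in (("weak", WEAK_SUITE), ("strong", STRONG_SUITE)):
        killed, total, survivors = mutation_score(suite)
        print(f"{name}: MS = {killed}/{total} = {killed / total:.2f}")
        for label in survivors:
            print("  survived:", label)
```

Each surviving mutant names a behaviour the suite never checks; with the weak suite these are the two guards and their boundary conditions.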
• Automatic formal verification of SCs using abstract interpretation & symbolic model checking
• Focuses on
• Correctness – Safe programming practices
• Fairness – Follow business logic
• Technique
• Policy builder
• Abstract language to model SC behaviour
• Source code translator
• Solidity to LLVM bytecode
• Add policy conditions as assert statements
• Verifier
• Check assertion violations
[4] Kalra, Sukrit, Seep Goel, Mohan Dhawan, and Subodh Sharma. “ZEUS: Analyzing Safety of Smart Contracts,” In Network and Distributed Systems Security (NDSS) Symposium, Feb. 2018.
12
Performance
• Tested with 1,524 unique contracts
• Found 94.6% of them to be vulnerable
• Test within seconds
• No false negatives & few false positives
Critique
• + Static testing
• - User needs to provide policy document
• - Can check only for pre-coded issues
• - CPU & memory expensive
• - No multi-function/contract testing
13
• Static analysis framework for SCs
• Uses an intermediate representation called Slither
• Supports security testing, code optimization, review, & user understanding
[5] Feist, Josselin, Gustavo Grieco, and Alex Groce. “Slither: a static analysis framework for smart contracts,” In 2019 IEEE/ACM 2nd Intl. Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), pp. 8-15. IEEE, 2019.
14
[6] Parizi, Reza M., Ali Dehghantanha, Kim-Kwang Raymond Choo, and Amritraj Singh. “Empirical vulnerability analysis of automated smart contracts security testing on blockchains,” In Proc. 28th Annual Intl. Conf. on Computer Science and Software Engineering, pp. 103-113. IBM Corp., 2018.
15
16
[Figure panels: Effectiveness, Accuracy]
• Avoid external calls
• Finish all internal work before making external calls
• Exception handling – Be aware of different function behaviour
• Use libraries/languages that prevent overflow & underflow
• Code reuse
• Avoid multi-party contracts – One party may disappear
• Explicitly set visibility of functions & variables
• Favour pull over push – Let users withdraw funds
• Keep fallback function simple
• Upgradable contracts – No hardcoding of contract addresses
• Rate limiting – No. of calls & crypto
• Use send() over call.value() – send() has a fixed gas limit of 2,300
17
• Consensus & network management
• Security & incentives
• Cryptography & Key management
• Generation, distribution, use, & revocation
• Access control & privacy
• Use case relevancy
• Data management
• On-chain vs. off-chain
• Chain defence
• Integration
• Scalability & performance
• Business continuity & DR
• CA & wallets
• Governance & compliance
[7] KPMG International, Realizing Blockchain's Potential, 2018
18
19
[Figure label: Applying framework]
• Testing throughout SDLC
• Manual inspection, threat modelling, code review, penetration testing
• Identification of functional & non-functional security requirements
• Details are more focused on penetration testing
• Extensive set of test cases
• Web-application specific
• ISO/IEC 27034 covers some of the other aspects
[8] OWASP Testing Guide v4.0, 2014
20
• Many static analysis tools
• Dynamic analysis is more difficult
• Handling ledger changes & high-throughput TX replay
• Multi-contract & multi-TX support
• Support for real-time debugging
• Limited support for SC profiling & optimization
• Effectiveness, accuracy, & coverage need to improve
• Test frameworks & test methodologies need to cover BC-specific aspects
• Coverage of other test areas – platform, SCs
• BC-specific threat modelling
• Extending tools beyond Solidity/Ethereum
• Intermediate language based tools are better suited for this
21

 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 

Recently uploaded (20)

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 

Smart Contract Security Testing

  • 2.
      • DApp architecture
      • Transaction (TX) functional testing
      • Smart Contract (SC) security
      • Blockchain platform
      • Infrastructure – especially for private & consortium chains
      • SC language & execution-environment
      • Integration with external systems
      • Data management
      • Cryptography & Key management
      • Access control & KYC
      • Scalability & Performance
      • Privacy
      • Business continuity & Disaster recovery
      • Governance & compliance
  • 3.
      • Race conditions
      • Reentrancy
      • Cross-function race conditions
      • Deadlocks
      • Denial of Service (DoS)
      • Unexpected throw
      • Gas limit – SC calls & block
      • Arithmetic overflow/underflow
      • Timestamp & block number dependence
      • TX order dependence (front running)
      • Access control
      • SC language specific behaviour
      • In Solidity, SC owner is set at time of initialization
      • Short address attack in EVM
  • 4.
  • 5.
      • Code smells – symptoms that possibly indicate deeper problems
      • [1] Chen, Jiachi, Xin Xia, David Lo, John Grundy, Daniel Xiapu Luo, and Ting Chen. “Domain Specific Code Smells in Smart Contracts,” arXiv preprint arXiv:1905.01467 (2019).
  • 6.
      • Static
      • Code-level
      • Binary-level
      • Dynamic
      • Real-time
      • Historical data
      • Blackbox, Graybox, vs. Whitebox testing
  • 7.
      • Fuzzing SCs for vulnerability detection
      • Fuzz testing
      • Automated testing by providing invalid, unexpected, or random data as inputs
      • Set of test oracles
      • Gasless send
      • Exception disorder
      • Reentrancy
      • Timestamp dependency
      • Block number dependency
      • Dangerous delegate calls
      • Freezing Ether
      • [2] Jiang, Bo, Ye Liu, and W. K. Chan. “Contractfuzzer: Fuzzing smart contracts for vulnerability detection,” In Proc. 33rd ACM/IEEE Intl. Conf. on Automated Software Engineering, pp. 259-269. 2018.
  • 8.
      • Testing
      • With 6,991 SCs
      • Better performance than Oyente
      • Critique
      • + Dynamic testing
      • - High rate of false negatives
      • - Depends on quality of test oracles
      • - Offline EVM
  • 9.
      • Mutation testing – Fault-based software testing technique
      • Used to evaluate the adequacy of test cases
      • [3] Wu, Haoran, Xingya Wang, Jiehui Xu, Weiqin Zou, Lingming Zhang, and Zhenyu Chen. “Mutation testing for ethereum smart contract,” arXiv preprint arXiv:1908.03707 (2019).
  • 10.
      • 10 general mutation operations
      • 15 SC specific mutation operations
      • Mutation Score (MS)
      • Goodness of test coverage
  • 11.
      • Critique
      • + Works on SCs as they are small
      • + Dynamic testing
      • - Too many false positives
      • - Too many cases to test
      • - Depends on mutation operators
  • 12.
      • Automatic formal verification of SCs using abstract interpretation & symbolic model checking
      • Focuses on
      • Correctness – Safe programming practices
      • Fairness – Follow business logic
      • Technique
      • Policy builder
      • Abstract language to model SC behaviour
      • Source code translator
      • Solidity to LLVM bytecode
      • Add policy conditions as assert statements
      • Verifier
      • Check assertion violations
      • [4] Kalra, Sukrit, Seep Goel, Mohan Dhawan, and Subodh Sharma. "ZEUS: Analyzing Safety of Smart Contracts." In Network and Distributed Systems Security (NDSS) Symposium, Feb. 2018.
  • 13.
      • Performance
      • Tested with 1,524 unique contracts
      • Found 94.6% of them to be vulnerable
      • Test within seconds
      • No false negatives & few false positives
      • Critique
      • + Static testing
      • - User needs to provide policy document
      • - Can check only for pre-coded issues
      • - CPU & memory expensive
      • - No multi-function/contract testing
  • 14.
      • Static analysis framework for SCs
      • Uses an intermediate representation called Slither
      • Supports security testing, code optimization, review, & user understanding
      • [5] Feist, Josselin, Gustavo Grieco, and Alex Groce. “Slither: a static analysis framework for smart contracts,” In 2019 IEEE/ACM 2nd Intl. Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), pp. 8-15. IEEE, 2019.
  • 15.
      • [6] Parizi, Reza M., Ali Dehghantanha, Kim-Kwang Raymond Choo, and Amritraj Singh. "Empirical vulnerability analysis of automated smart contracts security testing on blockchains." In Proc. 28th Annual Intl. Conf. on Computer Science and Software Engineering, pp. 103-113. IBM Corp., 2018.
  • 17.
      • Avoid external calls
      • Finish all internal work before making external calls
      • Exception handling – Be aware of different function behaviour
      • Use libraries/languages that prevent overflow & underflow
      • Code reuse
      • Avoid multi-party contracts – One party may disappear
      • Explicitly set visibility of functions & variables
      • Favour pull over push – Let users withdraw funds
      • Keep fallback function simple
      • Upgradable contracts – No hardcoding of contract addresses
      • Rate limiting – No. of calls & crypto
      • Use send() over call.value() – send() has a fixed gas limit of 2,300
  • 18.
      • Consensus & network management
      • Security & incentives
      • Cryptography & Key management
      • Generation, distribution, use, & revocation
      • Access control & privacy
      • Use case relevancy
      • Data management
      • On-chain vs. off-chain
      • Chain defence
      • Integration
      • Scalability & performance
      • Business continuity & DR
      • CA & wallets
      • Governance & compliance
      • [7] KPMG International, Realizing Blockchains Potential, 2018
  • 20.
      • Testing throughout SDLC
      • Manual inspection, threat modelling, code review, penetration testing
      • Identification of functional & non-functional security requirements
      • Details are more focused on penetration testing
      • Extensive set of test cases
      • Web-application specific
      • ISO/IEC 27034 covers some of the other aspects
      • [8] OWASP Testing Guide v4.0, 2014
  • 21.
      • Many static analysis tools
      • Dynamic analysis is more difficult
      • Handling ledger changes & high-throughput TX replay
      • Multi-contract & multi-TX support
      • Support for real-time debugging
      • Limited support for SC profiling & optimization
      • Effectiveness, accuracy, & coverage need to improve
      • Test frameworks & test methodologies need to cover BC-specific aspects
      • Coverage of other test areas – platform, SCs
      • BC-specific threat modelling
      • Extending tools beyond Solidity/Ethereum
      • Intermediate language based tools are better suited for this

Editor's Notes

  1. send() returns false, not an exception; Cross-function race conditions – 2 functions share the same state; Parity multi-sig library self-destruct; Gas limit – looping to send cash back can exceed the block gas limit, preventing some receivers from getting cash; Short address attack – ERC20 issues with crafted wallet addresses ending with 0 (due to EVM bug)
  2. Code-level – Contextual design details are visible; Binary-level – More like black-box testing
  3. AST - abstract syntax tree
  4. LLVM – Portable and high-level assembly language
  5. SmartCheck most effective while Mythril most accurate
  6. Functional security – account lock out policy, compliance needs
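
Slide 17's advice (finish internal work before external calls, favour pull over push, use send()) and Editor's Note 1 (send() returns false rather than throwing; a refund loop can exceed the block gas limit), shown as a push-payment contract beside a pull-payment one. This is an added example, not code from the deck; the contract names, function names and compiler pragma are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version

// Hypothetical contracts written for illustration only.

/// "Push" refund: one transaction pays every receiver in a loop.
contract PushRefund {
    address[] public receivers;
    mapping(address => uint256) public owed;

    function deposit() external payable {
        if (owed[msg.sender] == 0) receivers.push(msg.sender);
        owed[msg.sender] += msg.value;
    }

    // Weaknesses named in the slides and notes:
    //  - gas cost grows with receivers.length, so the call can exceed the
    //    block gas limit and no receiver gets paid;
    //  - send() returns false instead of throwing; the result is dropped
    //    here, so a failed payment still zeroes the receiver's balance.
    function refundAll() external {
        for (uint256 i = 0; i < receivers.length; i++) {
            address payable to = payable(receivers[i]);
            uint256 amount = owed[to];
            owed[to] = 0;
            to.send(amount); // return value ignored (compiler warns)
        }
    }
}

/// "Pull" refund: each user withdraws their own balance.
contract PullRefund {
    mapping(address => uint256) public owed;

    function deposit() external payable {
        owed[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");        // check
        owed[msg.sender] = 0;                       // effect: internal work done first
        bool ok = payable(msg.sender).send(amount); // interaction: fixed 2,300 gas
        require(ok, "send failed");                 // revert restores owed[msg.sender]
    }
}
```

In PullRefund a failing or re-entering recipient affects only its own withdrawal: the balance is already zero when control leaves the contract, and a false return from send() reverts the state change.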