
Trusted Environment. Blockchain for business: best practices, experience, tips

Have a look at the presentation created by Kaspersky and Waves Enterprise: “Trusted Environment. Blockchain for business: best practices, experience and tips”. It will prove valuable and thought-provoking to everyone who wants to learn more about how to ensure the security of blockchain-based projects.

Here you will learn about:

- Modern enterprise blockchain platforms. We’ll tell you what they are, which tasks they solve, and what use cases are in demand.

- Security of corporate blockchain platforms. Let's analyze the main surfaces and attack vectors.

- Application Security Assessment based on the Waves Enterprise case study. You will see how the assessment works, what vulnerabilities were identified and how Waves Enterprise fixed them.

- How to design a secure solution based on a blockchain platform.


  1. Trusted Environment. Blockchain for business: best practices, experience and tips. Anjelika Rizaeva, Senior Product Marketing Manager, Kaspersky; Matvey Voytov, Chief Marketing Officer, Waves Enterprise
  2. Versatile hybrid blockchain platform for scalable digital infrastructure. Waves Enterprise is not a framework but a ready-to-use solution that addresses real business needs. It is an enterprise-grade platform that combines rapid deployment, integration, and development with predictable TCO. Besides technology, we provide a full suite of services: Consulting; Education; Integration; Premium support; Organization of blockchain competency centers. [Slide labels: Waves Enterprise differs; Our customers and partners]
  3. Types of (corporate) blockchain: Public blockchain; Private blockchain. Gartner predicts that by 2021, 90% of current enterprise blockchain platform implementations will fail or need to be replaced in 18 months
  4. Hybrid architecture: Mainnet is public permissioned PoS blockchain; Sidechains can be completely private or connected with Mainnet; Nodes can be deployed on-prem or in cloud
  5. Practical blockchain use cases: Supply chain mgmt; Finance and Tokenization; Utilities and Housing; Doc flow and Notary
  6. Enterprise blockchain security reqs: Regulated encryption; Network Access Control; Data confidentiality; Network Security; Secure consensus
  7. Data Confidentiality [diagram; labels: Secured cluster; Waves Enterprise node; SQLike DB; JDBC; DMZ; OAuth; Private API; Blockchain; Encrypted data, WrappedKey; PolicyID, DataHash]
  8. What is Application Security Assessment and why does your business need it? Application Security Assessment helps to detect vulnerabilities in an application and gives recommendations on how to fix them. • Avoid financial, operational and reputational loss, by proactively detecting and fixing the vulnerabilities • Save remediation costs by tracking down vulnerabilities in applications still in development and test, before they reach the user environment where fixing them may involve considerable disruption and expense • Support a secure software development lifecycle committed to creating and maintaining secure applications
  9. Blockchain-based project threats. Application: Human factor; Client software vulnerabilities. Business logic: Smart contract mistakes; Vulnerabilities in compiler. IT-infrastructure: Operating system / system software vulnerabilities; Container breach; MB, DB misconfiguration
  10. Waves Enterprise – Security Assessment: WEB-application; Node implementation; Black and grey box; OWASP ASVS; CVSS 3.0; Burp Suite; Amass; SQLMap; SlowHTTPTest
  11. Waves Enterprise – Security Assessment: Web application. Before: • Wildcard in CORS • Potential user email enumeration • Imperfect password policy. After: • Fixed list of CORS domains • Non-detailed server responses • Advanced password policy
  12. Waves Enterprise – Security Assessment: Node implementation. Before: • Outdated environment • “Slow HTTP” attack probability. After: • Fully updated system software stack • Checked connection timeout
  13. Kaspersky Enterprise Blockchain Security for corporate blockchain projects. IT-infrastructure: Penetration Testing; Virtual and cloud environment protection. Business logic: Application Security Assessment; Chaincode Audit. Application: Endpoint protection
  14. Questions? Anjelika Rizaeva, Senior Product Marketing Manager, Kaspersky. Case study: security/case-studies/Case_Study_Apllication_Security_Assessment_%20Waves_Kaspersky.pdf Matvey Voytov, Chief Marketing Officer, Waves Enterprise. WE news channel: WE group chat: