Anjelika Rizaeva
Senior Product Marketing Manager
Kaspersky
Matvey Voytov
Chief Marketing Officer
Waves Enterprise
Trusted Environment.
Blockchain for business:
best practices, experience and tips
2
Versatile hybrid blockchain platform for scalable digital infrastructure
Waves Enterprise is not a framework but a ready-to-use solution that addresses real business needs. It is an enterprise-grade platform that combines rapid deployment, integration, and development with predictable TCO.
Besides technology, we provide a full suite of services:
§ Consulting
§ Education
§ Integration
§ Premium support
§ Organization of blockchain competency centers.
Waves Enterprise differs
Our customers and partners
3
Types of (corporate) blockchain
§ Gartner predicts that by 2021, 90% of current enterprise blockchain platform
implementations will fail or need to be replaced in 18 months
Public blockchain Private blockchain
4
Hybrid architecture
§ Mainnet is public permissioned PoS blockchain
§ Sidechains can be completely private or connected with Mainnet
§ Nodes can be deployed on-prem or in cloud
5
Practical blockchain use cases
Supply chain mgmt
Finance and Tokenization
Utilities and Housing
Doc flow and Notary
6
Enterprise blockchain security reqs
Regulated encryption
Network Access Control
Data confidentiality
Network Security
Secure consensus
7
Data Confidentiality
[Diagram labels: Secured cluster; Waves Enterprise node; SQLike DB; JDBC; Private API; OAuth; DMZ; Blockchain; Encrypted data, WrappedKey; PolicyID, DataHash]
8
What is Application Security Assessment and why does your business need it?
• Avoid financial, operational and reputational loss,
by proactively detecting and fixing the vulnerabilities
• Save remediation costs
by tracking down vulnerabilities in applications still in
development and test, before they reach the user environment
where fixing them may involve considerable disruption and
expense
• Support a secure software development lifecycle
committed to creating and maintaining secure applications
Application Security Assessment helps to detect vulnerabilities in an application and
gives recommendations on how to fix them.
9
Blockchain-based project threats
Human factor
Client software vulnerabilities
Application
Smart contract mistakes
Vulnerabilities in compiler
Business logic
Operating system / system software vulnerabilities
Container breach
MB, DB misconfiguration
IT-infrastructure
10
Waves Enterprise – Security Assessment
WEB-application
Node implementation
Black and grey box
OWASP ASVS
CVSS 3.0
Burp Suite
Amass
SQLMap
SlowHTTPTest
11
Before
• Wildcard in CORS
• Potential user email enumeration
• Imperfect password policy
After
• Fixed list of CORS domains
• Non-detailed server responses
• Advanced password policy
Waves Enterprise – Security Assessment: Web application
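Added example (not part of the original slides and not Waves Enterprise or Kaspersky code): the first two web-application findings above, written as before/after handlers. The origins, the user store, the password-reset endpoint and the response texts are assumptions made for illustration.

```javascript
// Constructed allowlist: the "fixed list of CORS domains" (hypothetical origins).
const ALLOWED_ORIGINS = new Set([
  "https://client.example.com",
  "https://admin.example.com",
]);

// Before: wildcard CORS, every origin may read API responses cross-site.
function corsBefore(_origin) {
  return { "Access-Control-Allow-Origin": "*" };
}

// After: echo the Origin only on an exact match. Exact matching (not
// prefix/suffix/regex) is what rejects look-alike hosts and the "null" origin.
function corsAfter(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) {
    return {}; // no CORS headers at all: the browser blocks the cross-site read
  }
  // Vary: Origin keeps shared caches from replaying one origin's header to another.
  return { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
}

// Constructed user store for a hypothetical password-reset endpoint.
const USERS = new Set(["alice@example.com"]);

// Before: status code and body reveal whether the e-mail is registered.
function resetBefore(email) {
  return USERS.has(email)
    ? { status: 200, body: "Reset link sent" }
    : { status: 404, body: "No account with this e-mail" };
}

// After: non-detailed response, identical for known and unknown addresses.
// The actual mail is queued out of band so the reply does not depend on it.
const pendingResets = [];
function resetAfter(email) {
  if (USERS.has(email)) pendingResets.push(email);
  return {
    status: 202,
    body: "If the address is registered, a reset link has been sent",
  };
}
```
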
12
Before
• Outdated environment
• “Slow HTTP” attack probability
After
• Fully updated system software stack
• Checked connection timeout
Waves Enterprise – Security Assessment: Node implementation
13
Kaspersky Enterprise Blockchain Security for corporate blockchain projects
Penetration Testing
Virtual and cloud environment protection
IT-infrastructure
Application Security Assessment
Chaincode Audit
Business logic
Endpoint protection
Application
Anjelika Rizaeva
Senior Product Marketing Manager
Kaspersky
Anzhelika.Rizaeva@Kaspersky.com
Case study
https://media.kaspersky.com/en/business-security/case-studies/Case_Study_Apllication_Security_Assessment_%20Waves_Kaspersky.pdf
Matvey Voytov
Chief Marketing Officer
Waves Enterprise
mvoytov@wavesenterprise.com
WE news channel: https://t.me/wavesenterprise
WE group chat: https://t.me/wavesenterprisegroup
Questions?
