IBM Launches Blockchain Security Testing Service

IBM (NYSE: IBM) Security’s team of offensive security experts, X-Force Red,  announced on Tuesday the launch of a new blockchain testing service, which was created to help identify weaknesses and strengthen the security of a wide range of solutions that incorporate the fast-growing technology. IBM reported that the service will evaluate both the backend processes used to manage blockchain networks as well as the actual ledger environment. It was revealed:

“IBM X-Force Red is seeing that 70 percent of solutions that incorporate blockchain rely on traditional technologies for backend processes like authentication, data processing and Application Programming Interfaces (API). The X-Force Red Blockchain Testing service will evaluate the whole implementation including chain code, public key infrastructure and hyperledgers. X-Force Red will also test backend processes, applications and physical hardware used to control access and manage blockchain networks.”

During a typical Blockchain Testing engagement, X-Force Red will assess:

  • Identity and Access – since access can be the key to the blockchain X-Force Red will evaluate how permissions to access/add info to the blockchain are administered including password policies, susceptibility to brute force attacks, and the implementation of 2-factor authentication
  • Public Key Infrastructure (PKI) – secure creation, management, and distribution of digital certificates and keys associated with a blockchain network is crucial to ensuring data integrity
  • Smart Contract flaws – smart contracts, also known as “chain code,” allow for trustless execution of agreements by parties on the blockchain, but proper penetration testing can find exploitable flaws in these agreements
  • Software supply chain attacks – common libraries and component dependency hacking can be tested during design and implementation to ensure secure dependency signatures and a trust build pipeline

Charles Henderson, Global Head of IBM X-Force Red, went on to add:

“While blockchain is a breakthrough for protecting the integrity of data, that does not mean the solutions that leverage it are immune from attackers, which is why security testing is essential during development and after deployment. If we look at mobile applications, cloud computing and even personal computers – all these innovations needed to adopt policies and techniques for security after they grew in popularity. Blockchain presents businesses with an opportunity to break that trend.”

Sponsored Links by DQ Promote


Send this to a friend