Hi everyone,
The results are in!
https://campbx.com/testnet/main.php
We were tested for >1,000 known vulnerabilities specific to our platform and services by McAfee Secure (formerly McAfee Hacker-Safe), who are ranked #1 in security industry for threat detection. This is the same auditing service used by well-known brands like Costco, Petco, and Roush Racing for their e-commerce websites.
Here is an executive summary of our results:
OWASP top-10 web vulnerabilities:
A1: Injection - Pass
A2: Cross-Site Scripting (XSS) - Pass
A3: Broken Authentication and Session Management - Pass
A4: Insecure Direct Object References - Pass
A5: Cross-Site Request Forgery (CSRF) - Pass
A6: Security Misconfiguration - Pass
A7: Insecure Cryptographic Storage - Pass
A8: Failure to Restrict URL Access - Pass
A9: Insufficient Transport Layer Protection - Pass
A10: Unvalidated Redirects and Forwards - Pass
Distributed Denial-of-Service attack: Pass with no noticeable slowdown in response time
All vulnerabilities are classified on a scale of 1-to-5, with 5 being Urgent and 1 being informational. Camp BX final scorecard is:
Sev 5: zero
Sev 4: zero
Sev 3: zero
Sev 2: zero
Sev 1: 29
(Sev 1 includes information like "DNS Server detected", "NTP Server detected", "SSL Certificate mismatch on Testnet.CampBX.com"...)
This makes Camp BX the first Bitcoin platform certified for compliance with 7 information and data security standards! We have also achieved all requirements for the McAfee Secure Trustmark, and on our livenet launch Camp BX platform will proudly wear this badge. A HUGE thank you to Alex and Yuriy for burning the midnight oil to fix all issues identified, and ensuring that we are able to achieve this crucial certification prior to our launch.
Going forward, Camp BX will be re-tested daily for all known vulnerabilities. We realize that security is a process, and we have put alerts and escalation procedures in place to ensure that anything higher than Sev 1 is fixed within 72 hours.
Thank you and good night,
Keyur
While it is great you have had this done, this is mostly marketing. Unless there were some other tests done, you are being very misleading on what this really means.
"(formerly McAfee Hacker-Safe), who are ranked #1 in security industry for threat detection"
Ranked #1. When and by whom?
"We were tested for >1,000 known vulnerabilities specific to our platform"
Really? How were the tests specific to your platform? To my knowledge, and after talking to them on the phone today, there is only one McAfee Secure product. It is a standard daily PCI scan that is the same for everyone that buys that product. You can be set up and have them scanning you in hours by putting some code on your site. As their rep said on the phone, "it is all in the cloud, you just put the code on your site and we scan every day."
"We have also achieved all requirements for the McAfee Secure Trustmark"
The trustmark is just a badge you get for passing all the automated tests every day. It is a marketing "bonus" to show your customers you got the scan done; there are no additional tests involved. They even say on their site that by displaying the badge customers got "12% increase in sales conversions".
"certified for compliance with 7 information and data security standards"
Is this what McAfee says you have passed from using their McAfee Secure product? Or do you have other tests?