Formalising blockchain testing methodology


Project overview:

  • Location: Amsterdam
  • Time frame: 6 months
  • Starting: September 2022
  • Complexity: Medium
  • Team: Security Specialists
  • Supervisor: Antonios Papadopoulos

As a student, you have:


Education:

  • MSc student in computer science in the cyber security field or cryptography.


Technical skills:

  • Proven affinity with security and pentesting
  • Ability to look at existing testing processes and extrapolate a similar way of working for a different technology
  • Affinity with blockchain technology


Soft skills:

  • Structured and organized way of working, good writing skills
  • Ability to work well in an international team environment
  • Good communication skills, self-organization.

The project you will be working on:

Blockchain technology has become very popular lately, especially in the context of crypto-coins. However, the technology itself is more than a novel way of paying for your groceries. It can also provide publicly available, ideally irrefutable, proof about a whole range of things, to which others can contribute as well. It might be possible to do things like track international payments, share medical data, monitor supply chains and logistics, etc.

While distributed databases are not exactly new, decentralizing them and giving shared access to a wide variety of people, potentially even everyone who is interested, is quite different. This leads to a very different attack surface, as well as a specific set of security requirements.

While Secura has been involved in a small number of blockchain assessments, a well-structured way of working and a good, clear plan on what should be assessed need to be formalised. This involves deep-diving into the capabilities of specific blockchains, their potential pitfalls, what to look for during security assessments of these solutions, and possibly even identifying markers that indicate whether or not a certain blockchain might be a scam.

We foresee the following steps:

  • An investigation into different blockchain technologies, and which vulnerabilities might arise in practical implementations of these, e.g. with smart contracts.
  • Determining what needs to be looked for in a (security) assessment of blockchain technology.
  • Creating a process and a template for executing these types of assessments, making sure that the steps that are defined match well with other parts using the blockchain.
    • For example: it is very likely a (web) application is also present to be able to use the underlying technology. The assessment of such applications needs to tie in well with the assessment of the blockchain.
  • Practically testing both the process and the template by executing assessments against existing technologies, or for a client with this technology.
  • Supporting the creation of a formal offering for these types of assets.
    • A fact sheet.
    • Sales texts.
    • Marketing materials.

An affinity with cryptography is definitely helpful, although a lot of it is still very much a practical look at how things are implemented. It is more important to be able to do good research on a particular technology, and discover which potential issues need to be addressed when using this technology.


Contact us

We would like to receive your CV and motivation letter by mail via jobs@secura.com.
