Certification
Certification | Penetration test (1 year) | Proof of funds | Bug bounty |
---|---|---|---|
Uncertified | | | |
- 01 CyberSecurity Score (CSS)
The CyberSecurity Score is a combination of server security, user security, preventive security and historical hack cases.
- AAA > 9.5
- AA > 9
- A > 8.5
- BBB > 8
- BB > 7.5
- B > 7
- CCC > 6.5
- CC > 6
- C > 5.5
- D < 5
The CyberSecurity Score is calculated as a sum of the following factors:
- Server security: 1.75
- User security: 1.75
- Penetration test: 2.5
- Bug bounty: 2.5
- ISO 27001: 1
- Funds insurance: 0.5
Server Security
- SSL/TLS
- WAF/CDN
- DNSSEC
- SPF
- Open ports
- HTTP security headers
- Spam db
- Cookie security flags
User Security
- 2-factor auth
- Captcha
- Password Requirements
- Device management
- Anti-phishing code
- Withdrawal whitelist
- Previous hack cases
Preventive security
- Bug bounty
- Penetration test
- ISO 27001
- Funds Insurance
- 02 Penetration Test
Penetration testing, also known as ethical hacking, is a critical tool for analyzing the security of IT systems. The objective of a penetration test is to identify ways to exploit vulnerabilities to circumvent or defeat the security features of system components. It does so through simulated attacks in a controlled environment, carried out by third-party security specialists who employ the same techniques as attackers located outside the system infrastructure.
Penetration tests submitted for certification should meet generally recognized requirements.
- 03 Proof of Funds
Another important certification criterion is proof of the funds claimed by the cryptocurrency exchange. Insolvent exchanges can cause massive damage to users, especially when withdrawals exceed the funds available on the exchange. To combat this, CER sets the following requirements for exchanges:
Identifiable Wallets
All wallet addresses owned by the cryptocurrency exchange must be publicly disclosed and provable on blockchain explorers.
Minimum Funding Limit
Certification of cryptocurrency exchanges will only be conducted for exchanges with a wallet balance of more than $1 million USD (in ETH and BTC terms).
- 04 Bug Bounty
The fourth component of certification is a live bug bounty program, which is an activity aimed at finding vulnerabilities by leveraging the power of the ethical hacker community. A pool of thousands of individuals with varied skills and backgrounds produces robust results, and thanks to continual testing, crypto exchanges can improve the quality of their infrastructures by eliminating high-frequency functional bugs before they can do significant damage.
Self-hosted bug bounty programs are scored at half the value of third-party managed programs (1.25 of 2.5 points). Currently, we don't provide a certificate for self-hosted programs.
A self-hosted bug bounty program may be evaluated as third-party managed if the platform provides a review from a well-known third-party auditor company.
Become CERtified
To obtain a CERtificate, please contact us to provide relevant data about the latest penetration testing, wallet balances, and a bug bounty program.