Case study: Hacken performed a security analysis of CODEX

Company name: CODEX
Company description: CODEX is a licensed trading platform for cryptocurrencies & digital assets, built on vanguard security infrastructure and revolutionary reward system.
Service: Web application security assessment.

“Any financial business includes risk and security management, which is especially important when it comes to the means of our users. Those who do not spend a lot of time on security pay dearly for it. Therefore, we pay much attention to this and the score of 10/10 is a confirmation of our dedication to high security standards” — Serge Vasylchuk CEO at CODEX
About CODEX

CODEX is a licensed exchange that you can trust, filled with all the new and useful functions from the world of digital currencies in a feature-rich architecture. CODEX provides a functional and stable environment, ideal for trading and securely storing cryptocurrencies.

Problems faced by CODEX

Due to the sharp rise in popularity of cryptocurrencies, the world saw a sharp rise in the number of exchanges. Entrepreneurs that wanted to exploit the market opportunity, created a large number of crypto exchanges, without considering security as their main priority. Hackers quickly recognized the lucrative opportunity to earn easy money by exploiting vulnerabilities in crypto wallet software and servers. It’s no surprise that around $1.1 billion worth of cryptocurrency was stolen in 2018 alone.
Recognizing the risk that they’re facing, CODEX enlisted Hacken to conduct a security assessment of their web application. The purpose of the assessment was to utilize active exploitation techniques in order to evaluate the security of the web application against best practice criteria and to validate its security mechanisms.
Hacken Service Summary
Hacken security consultants imitated hacker activities to test the overall security state of the systems, utilizing the best market methodology created by Open Web Application Security Project (OWASP) and test cases from OWASP Application Security Verification Standard Project. Web Application Penetration Testing efforts were based on the following guidelines and security standards:

• OWASP Application Security Verification Standard
• OWASP Secure coding guides
• OWASP Top 10 Risks

The following activities were performed during the assessment:

• Intelligence gathering activities against the target
• Service detection and identification
• Vulnerabilities detection, verification, and analysis
• Exploitation of vulnerabilities
• Recommendations aimed to address security weaknesses

Security Audit Findings

Based on the in-depth testing of the environment, the Hacken team discovered select medium-to-low risk issues in CODEX’s website and web application. No major design flaws were identified. No data manipulation or corruption was discovered. At the end of the assessment, the Hacken team has provided clear steps and recommendations on how to fix the presented risks.

Summing Up

According to our research after performing the security assessment, the security posture of CODEX`s infrastructure was scored as Good Security. CODEX’s systems were found to be generally secure, with only a limited number of medium-to-low risk issues, that will subsequently be resolved by the CODEX team.

The Overall rating of CODEX’s web application, after the security assessment by Hacken, stands out to be 10 out of 10.