Conference Venue: RAI Amsterdam, Europaplein 24, 1078 GZ Amsterdam, The Netherlands

Book Hotel click HERE
Back To Schedule
Thursday, September 26 • 1:45pm - 2:30pm
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Last year at AppSec EU I had a presentation about the Ethereum smart contracts and did a technical showcase of some of their potential vulnerabilities and security flaws. I also presented my proposition on how to handle the responsible disclosure process in the smart contracts world.
This year I want to focus on the whole process of security testing and present it by analogies to the web applications which are quite well-known. Smart contracts are described as Web3 decentralized apps and I believe that my talk will not only bring new light on this subject but will also help to understand and organize the way of testing. I am going to cover the whole SDLC and show the similarities and differences between the smart contracts and web applications on each step.
The presented overview is especially important nowadays when the biggest companies are building their own blockchain platforms and cryptocurrencies – i.e. Libra introduced by Facebook (which by the way also supports smart contracts).
I am also going to show the differences in the arsenal of vulnerabilities, security tools and standards by the analogy to web apps arsenal. I think that, even though there exist a lot of great security projects for smart contracts, we do not have a single, widely accepted security standard (such as ASVS in web apps world). I would like to discuss potential work that needs to be done in that area and show my preliminary work on that matter.
After this presentation audience will know what are the similarities and differences between smart contracts and web apps in the SDLC, an arsenal of tools and standards, but also will have a fresh overview of possible options and current trends.

avatar for Damian Rusinek

Damian Rusinek

Sr. Security Specialist, SecuRing
Senior IT Security Specialist, since 2016 in SecuRing. Professionally responsible for blockchain, web and mobile application audits and source code analysis. Software developer and analyst with over a decade of experience. Engaged in many projects, such as projects from energy industry... Read More →

Thursday September 26, 2019 1:45pm - 2:30pm CEST