
Web3 Project Security Practice Requirements v0.1

Chinese version

0x00 Background Overview

Attacks against Web3 projects are now emerging in an endless stream, and the interactions between projects are becoming ever more complex. Each new interaction between projects tends to introduce new security issues, yet most Web3 development teams lack experience in cutting-edge security attack and defense. During development, the team's attention goes to demonstrating the project's business case and implementing its business functions, leaving no capacity to build a security system. Without such a system, it is difficult to ensure the security of a Web3 project throughout its life cycle.

Usually, to ensure the security of a Web3 project, the project team engages a reputable blockchain security team to audit its code. A security audit helps the project meet many of the security practice requirements, but the security team's audit is only short-term guidance: by itself it does not enable the project team to establish its own security system.

Therefore, the SlowMist security team has open-sourced the Web3 Project Security Practice Requirements to continuously help project teams in the blockchain ecosystem master the corresponding Web3 project security skills. We hope that project teams can establish and improve their own security systems based on these requirements, and retain a baseline of security capability after the security audit is over.


The Web3 Project Security Practice Requirements cover the following content. They are currently at version v0.1 and are still being improved; if you have better suggestions, please submit feedback. (If you need help, please contact team@slowmist.com or sec_audit@slowmist.com.)


0x01 Development Preparation

1. Requirements Analysis Document Requirements

2. Development Design Documentation Requirements

3. Business Process Documentation Requirements

0x02 Development Process

1. Smart Contract Security Coding Requirements

2. Test Case Code Requirements

3. Basic Security Configuration Requirements

4. Web Front-end Security Configuration Requirements

5. Server Environment Security Configuration Requirements

0x03 Release Process

A complete, secure release process is required; it can be refined by referring to the following content:

1. Code Freeze Requirements

2. Unit Test Requirements

3. Regression Testing Requirements

4. Test Report Requirements

5. Security Audit Requirements

0x04 Runtime Process

1. Runtime Security Monitoring

Discover runtime security problems as early as possible by watching the events emitted in key business processes, such as:
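The mechanics of event-based runtime monitoring, as an added example written for this page (not SlowMist's tooling nor any project's production monitor): decoded contract events are fed through a small rule set that flags ownership or proxy changes outside an allow-list, oversized transfers, a pause, and a burst of withdrawals within a few blocks. The event names follow the common OpenZeppelin conventions (`OwnershipTransferred`, `Upgraded`, `Paused`, `Transfer`) and the addresses, thresholds and the event stream itself are constructed placeholders, not real on-chain data.

```python
"""Minimal runtime event monitor for a Web3 project (added example).

Takes decoded contract events, as an indexer or node subscription would
deliver them after ABI decoding, and raises alerts when a key business
event looks suspicious. All addresses, thresholds and events below are
CONSTRUCTED placeholders; tune them to the real deployment.
"""
from collections import defaultdict
from dataclasses import dataclass, field

WAD = 10**18  # 18-decimal token scale, so amounts are in base units


@dataclass
class Event:
    block: int
    contract: str   # emitting contract address
    name: str       # event name after ABI decoding
    args: dict      # decoded event arguments


@dataclass
class Alert:
    severity: str
    block: int
    message: str


@dataclass
class MonitorConfig:
    trusted_admins: set = field(default_factory=set)   # owners the team controls
    approved_impls: set = field(default_factory=set)   # implementations cleared for upgrade
    large_transfer: int = 1_000_000 * WAD              # single transfer at/above this alerts
    burst_count: int = 5                               # this many Withdraws ...
    burst_blocks: int = 3                              # ... within this many blocks alerts


def check_event(ev: Event, cfg: MonitorConfig) -> list:
    """Stateless rules: a single event is enough to decide."""
    alerts = []
    if ev.name == "OwnershipTransferred" and ev.args["newOwner"] not in cfg.trusted_admins:
        alerts.append(Alert("critical", ev.block,
                            f"{ev.contract}: ownership moved to untrusted {ev.args['newOwner']}"))
    if ev.name == "Upgraded" and ev.args["implementation"] not in cfg.approved_impls:
        alerts.append(Alert("critical", ev.block,
                            f"{ev.contract}: proxy upgraded to unapproved {ev.args['implementation']}"))
    if ev.name == "Transfer" and ev.args["value"] >= cfg.large_transfer:
        alerts.append(Alert("high", ev.block,
                            f"{ev.contract}: large transfer of {ev.args['value'] // WAD} tokens "
                            f"from {ev.args['from']} to {ev.args['to']}"))
    if ev.name == "Paused":
        alerts.append(Alert("medium", ev.block, f"{ev.contract}: contract paused"))
    return alerts


def scan_events(events, cfg: MonitorConfig) -> list:
    """Stateless rules plus a sliding-window burst rule over an event stream."""
    alerts = []
    recent_withdraws = defaultdict(list)  # contract -> block numbers of recent Withdraws
    for ev in sorted(events, key=lambda e: e.block):  # stable sort keeps intra-block order
        alerts.extend(check_event(ev, cfg))
        if ev.name == "Withdraw":
            recent = recent_withdraws[ev.contract]
            recent.append(ev.block)
            recent[:] = [b for b in recent if ev.block - b < cfg.burst_blocks]  # drop old ones
            if len(recent) >= cfg.burst_count:
                alerts.append(Alert("high", ev.block,
                                    f"{ev.contract}: {len(recent)} withdrawals within "
                                    f"{cfg.burst_blocks} blocks"))
                recent.clear()  # do not re-alert on the same burst
    return alerts


# Constructed sample data: a token, a vault, and an ownership takeover followed by draining.
TOKEN, VAULT = "0xToken", "0xVault"
SAMPLE_CONFIG = MonitorConfig(trusted_admins={"0xTeamMultisig"}, approved_impls={"0xImplV2"})
SAMPLE_EVENTS = [
    Event(100, TOKEN, "Transfer", {"from": "0xAlice", "to": "0xBob", "value": 50 * WAD}),
    Event(101, VAULT, "Withdraw", {"user": "0xAlice", "amount": 10 * WAD}),
    Event(102, VAULT, "OwnershipTransferred",
          {"previousOwner": "0xTeamMultisig", "newOwner": "0xAttacker"}),
    Event(102, TOKEN, "Transfer", {"from": VAULT, "to": "0xAttacker", "value": 5_000_000 * WAD}),
] + [Event(b, VAULT, "Withdraw", {"user": "0xAttacker", "amount": 1000 * WAD})
     for b in (103, 103, 103, 104, 104, 104)] + [
    Event(105, VAULT, "Upgraded", {"implementation": "0xImplV2"}),  # approved: no alert
    Event(106, VAULT, "Paused", {"account": "0xTeamMultisig"}),
]


def run_sample() -> list:
    """Scan the constructed stream; returns the alerts in block order."""
    return scan_events(SAMPLE_EVENTS, SAMPLE_CONFIG)


if __name__ == "__main__":
    for a in run_sample():
        print(f"[{a.severity}] block {a.block}: {a.message}")
```

In a real deployment the event list would come from a log subscription on the node, and the alert list would be pushed to the on-call channel of the emergency response group; the point is that every rule keys on an event the business process already emits, so coverage follows directly from the events chosen during design.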

2. Runtime Environment Security Hardening

3. Release a Bug Bounty Program

4. Form an Emergency Response Group

0x05 Emergency Response

1. Establish a Complete Emergency Response Process

2. Stop-Loss Disposal Requirements

3. Hacker Tracking Requirements

4. Problem-Solving Requirements

5. Security Release Requirements

6. Issue Analysis Requirements

0x06 Security Awareness Cultivation

1. Cultivate Security Awareness

2. Track Security Incidents in the Ecosystem

3. Security Awareness Assessment and Drills