Built by security experts
Last updated
Last updated
The evident security challenges in Web3 led to the creation of many solutions. Most of them are not pioneered by security experts. Developers or Web3 experts create them.
Cybersecurity is a highly complex niche of computer science. People seeking to become cybersecurity experts should first accumulate vast knowledge of operating systems, network protocols, and development. On top of that, they must dedicate years to learning and practicing hacking techniques, defensive mechanisms, best practices, and compensating controls. Furthermore, a deep understanding of human weaknesses and behavioral patterns is needed when designing security mechanisms.
.
Example: our founder, Danor, performed penetration tests for a new endpoint protection software (used by companies to prevent their employees from running unauthorized programs). Clearly, the security architect wasn't an expert, as it took Danor only 5 minutes to completely bypass the protection. What was the security vulnerability? When the software detected an unauthorized application, it showed a popup announcing this program was unauthorized. Danor discovered a hidden, disabled button on this popup that bypassed the protection (most likely designed for support purposes).
Developer mindset: I've learned that to access a button, it must be enabled and visible. If I hide and disable it, the user will never be able to use it.
Attacker/hacker mindset: I've spent years of my life learning the operating system's deepest levels to perform actions that are not accessible to regular users. If there's a button, I will find a way to discover it and use it.
Security expert mindset: I've spent years of my life learning the operating system's deepest levels to understand all possible access mechanisms. When I want to block something, I must cover all possible scenarios.