ICO is the acronym for Initial Coin Offering. It means that an organization about to launch a new cryptocurrency offers investors units of its cryptocurrency or crypto-token in exchange for cryptocurrencies like Bitcoin or Ethereum, or for a particular fiat currency.

Cryptassist’s ICO has already started and successfully reached its softcap within 25 days. One of the main reasons for reaching this target so early is the security algorithms that Cryptassist deployed on its ICO platform!

WHY IS ICO SECURITY NEEDED?

Almost all ICOs today are unregulated and so are very prone to attacks.

ICO security needs to encompass both legal and technical countermeasures.

It provides security from digital breaches or theft.

WHAT SHOULD BE DONE TO KEEP AN ICO SECURE?

Validation & Sanitization:

Validation checks whether the input meets a set of criteria (for example, that a string contains no standalone single quotation marks).

Sanitization modifies the input to ensure that it is valid (such as doubling single quotes).

Content Security Policy (CSP): CSP lets a site specify the domains that a browser should consider valid sources of executable scripts, so that the browser knows to ignore any malicious script that might infect a visitor’s computer.

Handling File Uploads: Files uploaded to the ICO website are stored in a folder outside of the web root, or in the database as a blob, to protect them from hackers.

API Throttling: API throttling is done to protect the ICO’s API from “Denial of Service (DoS)” attacks.

Handle Account Takeovers: Brute-force attacks are easy to set up. Hence, the following 2 strategies should be taken into consideration to prevent these attacks:

Restrict the number of login attempts for a particular user.

Restrict a user to being logged in only from a particular device at a particular time.
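
A sketch of the first strategy, added here as an example and not taken from the original article or from Cryptassist's platform: a per-user failed-login limiter with a sliding window and a temporary lockout. The class name, the thresholds and the in-memory store are assumptions; a multi-server site would keep these counters in shared storage.

```python
import time
from collections import defaultdict, deque


class LoginAttemptLimiter:
    """Per-user failed-login limiter (hypothetical helper, in-memory only)."""

    def __init__(self, max_failures=5, window_s=300, lockout_s=900, clock=time.monotonic):
        self.max_failures = max_failures     # failures tolerated inside the window
        self.window_s = window_s             # sliding window length in seconds
        self.lockout_s = lockout_s           # lock duration once the limit is hit
        self.clock = clock                   # injectable so the logic can be tested
        self._failures = defaultdict(deque)  # username -> failure timestamps
        self._locked_until = {}              # username -> time the lock expires

    @staticmethod
    def _key(username):
        # Normalise so "Alice" and " alice " share one counter.
        return username.strip().lower()

    def is_allowed(self, username):
        """Call before checking the password; False means reject without checking."""
        key, now = self._key(username), self.clock()
        if self._locked_until.get(key, 0) > now:
            return False
        self._locked_until.pop(key, None)    # lock expired (or never set)
        return True

    def record_failure(self, username):
        """Call after a wrong password; returns True if the account is now locked."""
        key, now = self._key(username), self.clock()
        attempts = self._failures[key]
        attempts.append(now)
        # Drop failures that have aged out of the sliding window.
        while attempts and attempts[0] <= now - self.window_s:
            attempts.popleft()
        if len(attempts) >= self.max_failures:
            self._locked_until[key] = now + self.lockout_s
            attempts.clear()
            return True
        return False

    def record_success(self, username):
        """Call after a correct password to reset the failure counter."""
        self._failures.pop(self._key(username), None)
```

Count failures for unknown usernames as well, so that responses do not reveal which accounts exist. Because anyone can trigger a per-user lock by submitting wrong passwords, the lock here is temporary rather than permanent.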

Library Vulnerabilities: The following dependency-checking tools must be used for ICO security:

Node Security Project (NSP) Tools

RetireJS

OSSIndex

Dependency-check

Bundler-audit

Hakiri

Snyk

Gemnasium

SRC:CLR

HTTPS: Basic yet powerful! HTTPS assures users that they’re communicating with the server they expect, and that nobody else can intercept or change the content they’re seeing in transit.

Server Monitoring: ICO organizers should be prepared for an attack. Keeping this in mind, the following tools must be used:

Sysdig

New Relic’s server monitoring

Mozilla tools

SSL Labs tools

Hack Yourselves: This may feel weird, but when the whole team sits together to hack the ICO, it reveals the weak points of the systems where developers need to be stricter. It is the most powerful technique to prevent your ICO from being hacked.

Stay secured and let your ICO boom in the market. All the best!