CYBER SECURITY CERTIFICATION FOR EXCHANGES
THE IMPORTANCE OF CYBER SECURITY_
The crypto world is full of Hackers looking for their next target. In such an environment how can you prove your exchange is completely secure?
Problem_
During 2018, hackers stole more than $1.3 billion solely from crypto exchanges due to vulnerabilities in their digital infrastructure. The most serious hacks to date are the Coincheck hack ($500 million), BitGrail ($170 million), and Coinrail ($40 million).
Solution_
Crypto Exchange Ranks (CER) offers exchanges the ability to prove their compliance with security standards by passing through security audit and obtaining a CER Cybersecurity Certificate – an objective confirmation that an exchange is a safe place for user funds and personal data.

BENEFITS OF CYBER SECURITY CERTIFICATE _
Proof of compliance with best cybersecurity standards and practices
Transparent and objective sign of safety for the whole community
Demonstration of a healthy attitude to cybersecurity concerns and proactive business vision in general
HOW IT WORKS_
As we use Black-box testing method for conducting the audit, your company's efforts are extremely minimized. The CER Certificate will be issued after your system have been audited and checked by CER/Hacken security team. CER will also provide an iFrame that can be placed on the exchange's website to show ownership of the certificate.
1
Step 1: AGREEMENT
Exchange provides all security reports and links to it's systems to the CER security certification team.


2
Step 2: TEST
Crypto Exchange Ranks' cybersecurity team checks the security level according to the CERtification methodology and requirements.

3
Step 3: CERTIFICATION
The team at CER validates that the exchange is fully compliant with the CERtification requirements and issues a CERtificate that is valid for 6 months.
PROCEDURES AND TESTS_
Every component that we check has a concrete list of factors and metrics to be audited in the scope of cybersecurity certification.

We grouped all important factors into four sections: Server security, User security, Crowdsourced security, and Penetration test.
Server Security
We evaluate the security of the exchange host, web server configuration and client-server configuration by checking. following parameters:

  • SSL/TLS certificate
  • WAF&CDN
  • SPF
  • DNSSEC
  • Open ports scan
  • Hidden dirs/dirs access
User Security
We evaluate how strong is protection of user accounts and sensitive data by checking following parameters:

  • 2FA/MFA
  • Captcha
  • Password Requirements
Crowdsourced Security
We check whether the exchange has an active Bug Bounty Program. White hackers should be able to test the exchange for vulnerabilities. In such a way, we guarantee the dual control of the exchanges' security.
Penetration Test
The test will check the exchange platform for compliance with OWASP requirements and protection against all known threats. A penetration test is an authorized simulated attack on a computer system performed to evaluate the security of the system. A Pentest is conducted following the OWASP Testing Guide.
WHAT WE NEED FROM YOU_
Penetration Test Report
An evidence of the open bug bounty program
Assistance with our tests
To be able to wait for 20 business days
In case your exchange hasn't passed penetration test yet, we can help you get it done with the assistance of Hacken, the biggest cybersecurity company that specializes in blockchain technology. If your platform doesn't have an open bug bounty program, we can help you to launch it on HackenProof, the largest bug bounty platform in Europe.


Please, fill the contact form and we will contact with you shortly