Can blockchain be used for web applications

The blockchain in financial technology

Web security for blockchain-based financial institutions

Munich, Imperva | Author: Piotr Kluczwajd

Blockchain technology continues to grow

Last year, blockchain and cryptocurrencies were the dominant topics in many places and it looks like this trend will continue to intensify in 2018.

Blockchain technology is well on the way to gaining a foothold in many areas of our lives: be it gambling and games, where providers are increasingly accepting cryptocurrencies, or IoT inter-transactions, the registration of documents and the protection of digital elections. Startups that want to meet demand with new ideas are founded every day. Financial technology companies and financial institutions are also increasingly adopting innovative cyber applications. The financial technology industry is developing rapidly and is also introducing blockchain-based technologies. Numerous startups are inventing new types of loans outside of the banking business and forms of payment transactions without third parties such as banks, credit card companies, SWIFT or PayPal. For example, Japanese banks have already introduced cross-border money transfers with Ripple, and American Express uses the Stellar network for similar applications.

Eleven blockchain-based companies are represented in the Forbes Fintech Top 50 this year, including Vanguard, BitFury Group, Coinbase, Ripple, Shapeshift and Veem.

Why blockchain?

Blockchain technologies such as Ethereum are designed in such a way that no third parties (lawyers, banks or other service providers) are required to guarantee compliance with contracts, and “Trustless Transactions” are automatically verified. A fundamental characteristic of blockchain technology is that its structure prevents denial-of-service attacks and other forms of abuse such as spam in a network. It does this by demanding additional work from the service recipient, for which purpose the processor capacity of a computer is used as a rule.

Since financial institutions are very valuable targets for hackers, they absolutely need innovative security solutions. The growing credibility of cryptocurrencies, in turn, has a direct impact on financial technology and takes it to a new dimension by combining leading crypto solutions with innovative fintech applications. But while blockchain technology is resistant to DDoS attacks and other abuses due to its distributed design, there are still vulnerabilities in the companies that use these technologies that can be exploited.

Imperva's security researchers have already pointed out these weaknesses in cryptocurrency transactions, in crypto wallets and ICOs. The weak points are basically in areas that are centralized and not based on distributed ledgers.

Web-based, open platforms

Companies whose core business is based on blockchain technology also need web servers. These servers are not necessarily used for web sites accessed through browsers. They can also be used for business transactions, client-server APIs, mobile app APIs and other applications. Startups in such rapidly emerging and highly competitive industries are often forced to act quickly in order to prove the uniqueness of their service or product. The technical teams of emerging companies have their hands full getting their business idea done and simply don't have the time to focus on the security of the service or product.

For example, none of the providers of crypto wallets or other services that accept blockchain-based transactions checks whether a transaction is running on the Tor network - despite various reports of cases in which funds were stolen when a crypto wallet was accessed via Tor.
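One way a wallet or payment backend could perform the missing check, shown as an added example that is not part of the original article or of any Imperva product. The exit list, the CDN address range, the action names and the "step_up" policy are all constructed assumptions; a real deployment would refresh the list from a Tor exit-list feed. Because the article places a CDN in front of the application, the sketch also resolves the real client address from `X-Forwarded-For` without trusting headers sent by arbitrary peers.

```python
import ipaddress

# Constructed sample data: documentation address ranges, not real Tor relays.
SAMPLE_EXIT_LIST = """# constructed exit list, one address per line
192.0.2.10
198.51.100.77
2001:db8::dead:beef
not-an-address
"""
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]  # assumed CDN egress range
SENSITIVE_ACTIONS = {"withdraw", "change_payout_address"}   # assumed action names

def normalize(text):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(text.strip())
    return addr.ipv4_mapped if addr.version == 6 and addr.ipv4_mapped else addr

def load_exit_nodes(text):
    nodes = set()
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            try:
                nodes.add(normalize(line))
            except ValueError:
                pass  # skip malformed entries instead of failing the whole load
    return nodes

def is_trusted_proxy(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(peer, x_forwarded_for):
    """Return the first address, read right to left, that is not our own proxy."""
    peer_addr = normalize(peer)
    if not is_trusted_proxy(peer_addr) or not x_forwarded_for:
        return peer_addr  # a header sent by an untrusted peer is client-controlled
    for hop in reversed(x_forwarded_for.split(",")):
        try:
            addr = normalize(hop)
        except ValueError:
            return peer_addr  # malformed chain: fall back to the socket peer
        if not is_trusted_proxy(addr):
            return addr
    return peer_addr

def assess(peer, x_forwarded_for, action, exit_nodes):
    addr = client_ip(peer, x_forwarded_for)
    via_tor = addr in exit_nodes
    # Assumed policy: Tor traffic is allowed, but sensitive actions need a second check.
    decision = "step_up" if via_tor and action in SENSITIVE_ACTIONS else "allow"
    return {"client_ip": str(addr), "via_tor": via_tor, "decision": decision}

EXIT_NODES = load_exit_nodes(SAMPLE_EXIT_LIST)
```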

The hacker attacks reported on bitcointalk.org and other sites show that blockchain transactions are not secure when connected via the Tor network. One example is the startup Veritaseum, which fell victim to a hacker and lost funds - just a week after the CoinDash website was compromised and the investors' funds flowed into the attacker's wallet.

As shown on the CoinDesk portal, in the case of Veritaseum - unlike in the CoinDash attack - the coins were stolen from the company itself.

Another example is the cryptocurrency startup Tether, which lost nearly $31 million to "malicious actions by an external hacker," as the company said.

Challenges for global companies

In our global, highly networked age, many companies depend on cross-border markets, especially companies that are based on blockchain technology.
The Imperva Incapsula service can offer an integrated solution for financial services or financial products by helping to protect them from attacks via exploited vulnerabilities and at the same time improving the availability of highly distributed services. Imperva Incapsula not only secures the service, but also frees up many resources and shortens development times. This allows developers and technical teams to concentrate on what they do best - implement their innovative ideas and build a stable product. Financial services like OmiseGo and TenX, which enable payment services across different legal systems and fiat money as well as decentralized currencies, must definitely be able to guarantee fast and secure access to their applications. This can (and should) be achieved by placing a CDN service in front of the application. If adjustments to the service need to be made for certain countries, these can also be done via the CDN.

In some cases it is necessary to distinguish between different client applications and geographic locations and other parameters. To do this, various behaviors must be implemented based on the relevant information and the loads must be distributed between the servers depending on the geographical location. All of this can be done via a CDN with a WAF without having to change any code on the application side.

Many service providers offer a CDN, but distributing loads, securing web applications, integrating them into a system and maintaining them is no easy task. Imperva Incapsula brings all these elements together in a single service that does not require the customer to have detailed technical knowledge for integration and maintenance. Fintech startups can thus concentrate on their innovative ideas without having to worry about performance and security.