Learn to secure, design, implement, and test tomorrow's blockchain applications.
Blockchain Application Security guides readers through the architecture and components of blockchain, including protocols such as Bitcoin and beyond, by offering a technical yet accessible introduction. This resource is ideal for application architects, software developers, security auditors, and vulnerability testers working on enterprise blockchain solutions. It bridges the gap between theory and implementation, providing actionable guidance on protecting decentralized systems while capitalizing on their innovative benefits.
Blockchain Application Security covers the essentials, from the fundamentals of distributed ledgers, consensus algorithms, digital wallets, smart contracts, privacy controls, and DIDs, to designing secure dApp architectures with component-level threat analysis and resilient APIs, token transactions, digital exchanges, and identity models. It features a complete lifecycle example for securing a DeFi lending and borrowing platform, along with practical walkthroughs for smart contract development, AWS-integrated blockchain systems, frontend/API integration, and code auditing.
"An accessible, comprehensive blockchain overview that emphasizes its value across industrial and government sectors with a holistic security focus." -David W. Kravitz, Technical Advisor, Spring Labs
"A cutting-edge method for securing blockchain applications, pushing the boundaries of current practice." -David Cervigni, Senior Security Research Engineer at R3
"Bridging theory and practice with realistic examples, this guide empowers architects and developers to build attack-resistant applications." -Steven Wierckx, Product Security Team Lead & Threatmodel Trainer at Toreon
"A valuable resource for blockchain specialists, featuring hands-on examples of deploying dApps on AWS and securing infrastructure." -Ihor Sasovets, Lead Security Engineer, Penetration Tester at TechMagic
"A practical roadmap for navigating blockchain security that we recommend to clients and incorporate into our training." -Vijay Dhanasekaran, Founder & Chief Blockchain Officer, Consultant at Blocknetics
"An indispensable resource for dApp developers, guiding readers from fundamentals to advanced implementation with in-depth vulnerability analysis." -Mohd Mehdi, Head of DevOps, DevSecOps and Infrastructure at InfStones
Marco Morana is the Field CISO at Avocado Systems Inc., where he leads the deployment of runtime threat modeling and product security solutions for enterprise clients. Previously, he held senior security leadership roles at JPMorgan Chase and Citibank, where he directed global architecture programs and led S-SDLC adoption across cloud and application platforms. At Citibank, Marco conducted architecture risk assessments for blockchain pilots, including the first digital asset trade with Nasdaq via Chain.com, and authored the bank's first security standards for blockchain. He is the coauthor of the PASTA threat modeling methodology and an OWASP project leader focused on secure-by-design for blockchain and AI systems.
Harpreet Singh is a seasoned engineering leader with 19 years of experience driving innovation in AI/LLM, cybersecurity, and large-scale distributed systems. He is known for a strategic approach to architecture, a focus on customer trust and safety, and a collaborative leadership style. He has successfully launched new products, integrated emerging technologies, and optimized security practices across global organizations.
Francesco Piccoli is the cofounder and CEO of Almanax, a cybersecurity firm specializing in AI-powered solutions. He was previously the Head of Product at AnChain.AI, where he built security and compliance tools for the US SEC, IRS, and Salesforce. His team took part in investigations of $100M+ crypto hacks. Prior to AnChain.AI, he led research initiatives in anomaly detection and autonomous driving. Francesco holds a Master of Engineering from UC Berkeley and lives in New York.
Foreword
Preface
Acknowledgments
Introduction

1 The Blockchain Technology Primer
1.1 Introduction
1.2 Brief History of the Blockchain and Its Evolution
1.3 DLT and the Blockchain
1.4 Blockchain Networks
1.5 The Blockchain Data Structure
1.6 Consensus Algorithms
1.7 Cryptocurrencies
1.8 Digital Wallets
1.9 Digital Transactions
1.10 Privacy Controls
1.11 Identity Controls
1.12 Legal and Regulatory Considerations
1.13 Conclusions
1.14 Future Directions and Trends in Blockchain Technology

2 Designing Secure Decentralized Applications
2.1 Introduction
2.2 Decentralized Applications
2.3 Security Requirements
2.4 Securing dApps
2.5 Conclusions for This Chapter

3 Mitigating Blockchain Vulnerabilities
3.1 Introduction
3.2 Enhancing Blockchain Security: Mitigating Vulnerabilities and Design Flaws
3.3 Auditing Blockchain Applications for Compliance
3.4 Conclusions

4 Securing Blockchain Applications: Practical Examples
4.1 Introduction
4.2 dApp Creation Example
4.3 Code Auditing Examples

Appendix A: Threat Modeling Matrix
Appendix B: Mapping of Threat Scenarios to Targeted Weaknesses and Asset Impacted
Appendix C: Mapping of Threat Scenarios to Exploitable Attack Paths
Appendix D: Threat Scenarios Attack Simulation Tests
Appendix E: Threat Scenario Weakness and Vulnerabilities Risk Ratings
Appendix F: Risks Mitigation Plan
Appendix G: Threats Risk Register
Appendix H: Attack Simulation Testing Report
Appendix I: Risk Analysis Report

References
About the Authors
Index
File format: PDF
Copy protection: Adobe DRM (Digital Rights Management)
System requirements:
The PDF file format always displays a book page identically on any hardware. PDF is therefore also suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). On the small displays of e-readers or smartphones, PDFs are unfortunately rather annoying because too much scrolling is required. Adobe DRM is used here as a "hard" copy protection. If the necessary requirements are not met, you will unfortunately not be able to open the e-book. You must therefore prepare your reading hardware before downloading.
Please note: We strongly recommend that, after installing the reading software, you authorize it with your personal Adobe ID!
Further information is available in our e-book help.