Blockchain Security Workshop

This is a hands-on deep dive into the world of blockchain security delivered live.

Duration: 2-days

Target group: Developers who are looking for an in-depth course on Blockchain Security

Prerequisites: Some experience with JavaScript, Python or other high-level languages is required. You MUST have some knowledge about Blockchain and Bitcoin

Course size: min 7, max 20

The Blockchain Academy reserves the right to cancel the Blockchain Developer Workshop at least 24 hours in advance via Email if we have not received seven or more confirmed applications. If the Blockchain Developer Workshop is canceled by The Blockchain Academy, then full refunds will be made. This means that the participant is aware that the event is not guaranteed to take place at the time of reservation.

Participants are expected to have:

Computer
Internet Access
Latest version of Google Chrome
A solid understanding of Blockchain

The Blockchain Academy reserves the right to cancel the Blockchain Security course at least 7-days in advance via Email if we have not received seven or more confirmed applications. If the Blockchain Security course is canceled by The Blockchain Academy then full refunds will be made. This means that the participant is aware that the event is not guaranteed to take place at the time of reservation.

COURSE OUTLINE

Module 1: Security Program Basics

  • The human factor is still a major consideration
  • Password and Key Management
  • Understanding what a cybersecurity program is (hint it’s not all about technology)
    • Management buy-in (lack of time allocation / budget allocation = risk )
    • HR and other roles that should be part of your security “team”
  • Audit trails and why they’re important to investors (most business are thinking about later stage investment, but don’t realize that raising capital requires demonstration of some cybersecurity program and audit trail)

Module 2: ICO Security (If company is still in ICO stage)

  • Startup life and speed only conflict with best practice when your best practices are not stage appropriate.
  • Securing Telegram / Slack / Twitter (examples of abuses that have misled investors)
  • Website / Web Hosting security (examples of abuses that have misled investors)

Module 3: Fundamentals

  • Proof of stake / Proof of work
  • Most projects are forked from a handful or projects .. understanding the core types.
  • Inter node communication protocols  
  • Turing complete vs incomplete chains and the security implication
  • Wallets – hardware vs software (memory dumps & secure in memory key storage)

Module 4: Introduction to Blockchain

  • Blockchain Basics
    • Blocks, chains, cryptographic primitives
    • Divergent blockchains and resyncing
      • Number of confirmations needed for synchronization
    • Types of Blockchains
      • Standard
      • Directed Acyclic Graph
      • Hyperledger

Module 5: Node and Wallet Security

  • General information about different blockchain notes
  • Blockchain Nodes/Wallets
    • Geth
    • Bitcoind
    • Parity
      • Parity Breach Analysis ($30M Eth stolen)
    • Dash Core
    • Alternative currencies
    • Wallets
  • Bitcoind Security
    • RPC connection
    • Server security parameters
    • Industry best practices
    • Separation of nodes
  • Geth security
    • RPC connection details
    • Web3 security risks
    • Account organization
    • Server parameters
  • ICOs, MyEtherWallet

Module 6: Basic Blockchain Security

  • Blockchain Security fundamentals
    • Attack vectors against blockchains
    • Security based on scarcity
    • Overview of security strategies (PoW, PoS, etc.)
    • Limitations of security
      • 51% attack on PoW
      • “Rich Get Richer” on PoS
    • How safe is the blockchain?
    • Theoretical vs. Real-World security
      • Bitcoin Hack
    • Blockchain Attacks
      • (Distributed) Denial of Service Attacks
      • Double-Spend Attacks
      • Why not a real threat on Bitcoin
        • Bitcoin Cash double spend is cheap
        • Checkpointing
      • Blockchain manipulation
    • Smart Contract Security
      • Common smart contract security flaw
    • Historical Blockchain Breaches
      • Bitcoin Hack
      • DAO Hack
    • Privacy on the Blockchain
      • Basic Blockchain Privacy
        • What is open/hidden in Bitcoin
        • Limitations of Bitcoin privacy
      • Advanced Privacy on the Blockchain
        • Varying privacy enhancement techniques and the blockchains that use them
      • Security of blockchain-based systems
        • Security problems with Lightning Protocol/Network

Module 7: Tools

  • How secure is your current architecture?
    • Solicit architecture designs in advance and give feedback
  • Secure architecture for your nodes
    • Create your own “firewall”
    • Defend your RPC
    • Can I use multiple nodes on one server or should I separate them?
    • Reorgs, how many confirmations is safe?
    • Edge cases
  • New tools that help securing the blockchain
    • OpenTimetables
    • Openchain
    • Multichain
    • BigChainDB
    • Credits - Permissioning system
    • Hyperledger - Brief introduction
    • Stellar

Module 8: Practical Blockchain Usage

  • Use Cases
    • Best blockchains for different purposes
    • Storage coins for secure backups, etc.
  • Security
    • Edge security
    • How to keep your private keys secure
    • Secure blockchain payments management