Pentesting Securrency's Blockchain Financial Services

by Olga Kovalenko 11.02.2025 5 min
Pentesting Blockchain Financial Services
Client: Securrency (now part of DTCC)
Industry: Blockchain and Financial Technology
Company Size: 50 to 200 Employees
Services Used: Penetration Testing, API Security Testing, Mobile and Web App Security, Security Integration

Client

Securrency is a leading blockchain technology company providing revolutionary financial and security compliance tools to issuers, institutions, and brokers. With a mission to be the world leader in financial logistics, Securrency leverages the power of blockchain technology to automate business logic and global compliance requirements. They work with some of the largest banks and financial institutions globally, deploying powerful blockchain-based financial services and compliance infrastructure to support the rapid transition from inefficient legacy systems to agile digital asset deployment and servicing.

Background

As Securrency rapidly expanded its operations and developed cutting-edge blockchain-based financial services, ensuring the security and integrity of their platforms became critically important. With the deployment of APIs for external use, web applications, and mobile applications, Securrency needed a robust security framework to protect against potential cyber threats and maintain trust with their clients and partners. The dynamic nature of their development process, with frequent updates and iterations, required ongoing security assessments integrated into their development lifecycle.

The Challenge

Securrency approached Iterasec with several key objectives:
  • Comprehensive Security Testing: Conduct regular penetration testing of their web applications, mobile applications, and APIs to identify and mitigate vulnerabilities.
  • Integration with Development Process: Integrate security testing and assessments into their continuous development and deployment processes.
  • Ongoing Security Support: Provide ongoing security expertise to ensure that new features and updates are secure before release.
  • Adapt to Rapid Development Cycles: Align security assessments with Securrency's agile development cycles, performing security tests every 3-4 months.

The Solution

Iterasec provided a comprehensive suite of cybersecurity services tailored to Securrency's needs.

Web Application Penetration Testing

  • Initial Assessment:

    Conducted thorough penetration testing of Securrency's web applications to identify vulnerabilities in application logic, authentication mechanisms, data validation, and other critical areas.

  • Recommendations:

    Provided detailed reports with findings and recommended remediation steps to address identified vulnerabilities.

Mobile Application Security

  • Security Assessment:

    Performed in-depth security testing of Securrency's mobile applications, analyzing both Android and iOS platforms.

  • Code Review:

    Assisted in reviewing mobile application code for security weaknesses and compliance with best practices.

API Security Testing

  • Regular API Testing:

    Conducted iterative penetration testing of Securrency's APIs every 3-4 months, ensuring that each update and new deployment maintained a high level of security.

  • Continuous Integration:

    Helped integrate security testing into the development pipeline for ongoing monitoring and quick detection of new vulnerabilities.

Integration into Development Process

  • Collaboration with Development Teams:

    Worked closely with Securrency's development teams, becoming an integral part of their development cycles.

  • Security Training:

    Provided training and guidance to developers on secure coding practices and how to address common security vulnerabilities.

The Outcome

Through this long-term partnership, Iterasec significantly enhanced Securrency's security posture:
  • Vulnerability Mitigation: Identified and helped remediate numerous vulnerabilities across web, mobile, and API platforms.
  • Proactive Security: Established a proactive approach to security, integrating assessments into the development lifecycle.
  • Seamless Integration: Security assessments became a natural part of Securrency's agile development cycles.
  • Developer Empowerment: Developers gained knowledge and skills in secure coding, reducing the introduction of new vulnerabilities.
  • Client Confidence: Strengthened trust with clients and partners by demonstrating a commitment to security.

Conclusion

Iterasec's partnership with Securrency over four years showcases the importance of integrating security into every aspect of development, especially in rapidly evolving fields like blockchain-based financial services. By providing ongoing security assessments, integrating with development processes, and empowering development teams, Iterasec helped Securrency maintain a robust security posture, protect sensitive financial data, and continue innovating confidently in the financial technology sector.