Focusing on blockchain ecosystem security, SlowMist's security team has reportedly open-sourced its Web3 Project Security Practice Requirements. With this document, SlowMist aims to help blockchain project teams set up and strengthen their own security systems.
Sharing the news, Chinese reporter Colin Wu tweeted:
SlowMist security team has open-sourced Web3 Project Security Practice Requirements to help the blockchain project team to establish and improve its own security system based on Web3 Project Security Practice Requirements, and also have certain security capabilities after… pic.twitter.com/FsR1yowzAz
— Wu Blockchain (@WuBlockchain) April 8, 2023
Attacks targeting web3 projects are rising, and the interactions between projects are growing more complex; these project-to-project interactions introduce novel security problems.
Web3 development teams generally lack experience in defending against cutting-edge attacks and tend to focus on demonstrating business functionality, so they are rarely in a position to build a security system on their own.
In the open-source repository on GitHub, SlowMist states that the reason behind the release is to “continuously help the project team in the blockchain ecosystem to master the corresponding Web3 project security skills”.
Emphasizing the importance of the Basic Security Configuration Requirements, SlowMist elaborates on its Web3 Project Security Practice Requirements section by section.
In the Development Preparation section, SlowMist presents the Documentation Requirements for Requirements Analysis, Development Design, and Business Process.
In the Development Process section, SlowMist presents the Smart Contract Security Coding and Test Case Code Requirements.
Under Web Front-end Security Configuration, SlowMist addresses the key controls: all HTTP communication across the entire site must use HTTPS, and Content Security Policy (CSP), X-Frame-Options, and HSTS must be configured. Requirements for SRI (Subresource Integrity), CORS, and postMessage handling are also stated.
In the Release Process section, SlowMist states that a “complete security online release process” is a must, covering Code Freeze, Unit Testing, Regression Testing, Test Report, and Security Audit requirements.
The Runtime Process section covers Runtime Security Monitoring, Runtime Environment Security, Bug Bounty Program Release, and the formation of an Emergency Response Group.
Lastly, in the Emergency Response section, SlowMist calls for a Complete Emergency Response Process, with requirements for Stop Loss Disposal, Tracking the Hacker, Problem-solving, Security Release, and Issue Analysis.