Prysmatic Labs is particularly interested in assessing:
- Operational threats
  - Docker deployment
  - ./prysm.sh start script
- Potential security pitfalls in client-side interaction and configuration
- Data flows
  - Data to/from external sources
  - Data to/from internal sources
- Control flow integrity
- Currently exploitable, active vulnerabilities
- Potential security gaps in user interaction
- Security assumptions, and potential future weaknesses in design and implementation
- Strength of existing security controls, and potential improvements that could be made
- A high-level security review of Prysm dependencies
The selected vendor will be provided with a specific Git commit hash for Prysm at the start of the engagement, which will be the target of the assessment.

Deliverables

The chosen vendor shall provide a security assessment report, in PDF format, comprising the following sections:
- Executive summary, including:
  - An overview of the testing performed (methodology and approach).
  - A statement describing the overall security posture of the Prysm software.
  - A summary of the vulnerabilities identified, with their related severity.
- For each vulnerability, detailed information containing:
  - Vulnerability description
    - Likelihood of exploitation
    - Impact qualification
    - Overall vulnerability severity
  - Recommended mitigative action
    - Detailed actions to perform to mitigate the vulnerability.
    - Recommendation complexity analysis
    - Reproducible/automatable verification of mitigation, where applicable
- Appendix explaining the vulnerability severity classification model applied to the security review.
- Appendix listing the toolset (open source and proprietary) used during the engagement.
After submitting the security assessment report, Prysmatic Labs will make any amendments required to the relevant codebases in order to mitigate the vulnerabilities identified throu...