Blockchain Application Security: How to Design Secure and Attack Resilient Blockchain Applications

Author: Marco Morana (Avocado Systems Inc.), Harpreet Singh, Francesco Piccoli (Almanax; UC Berkeley)
Publisher: John Wiley & Sons Inc
ISBN: 9781119551034
Pages: 640
Publication Date: 23 October 2025
Format: Hardback
Availability: Out of stock. The supplier is temporarily out of stock of this item; it will be ordered on backorder and shipped when it becomes available.
Price: $207.95

Full Product Details

Imprint: John Wiley & Sons Inc
Weight: 0.666kg
ISBN 10: 111955103
Audience: Professional and scholarly, Professional & Vocational
Publisher's Status: Active

Table of Contents

Table of Contents  1
Introduction  8
Chapter I - The Blockchain Technology Primer  22
  1.1 Introduction  22
  1.2 Brief History of The Blockchain and Its Evolution  22
  1.3 Distributed Ledger Technology (DLT) and The Blockchain  23
  1.4 Blockchain Networks  27
    1.4.1 Nodes  31
    1.4.2 Scalability Components  32
    1.4.3 Interoperability Components  35
    1.4.4 Platforms  37
    1.4.5 Decentralized Applications  40
    1.4.6 Practical Examples  40
  1.5 The Blockchain Data Structure  43
    1.5.1 Hash Functions  44
    1.5.2 Digital Signatures  47
    1.5.3 Block Structure  52
    1.5.4 Merkle Trees & Use Cases  55
    1.5.5 Fundamental Blockchain Elements  56
    1.5.6 Blockchain Inherent Technology Security Risks  59
  1.6 Consensus Algorithms  67
    1.6.1 Different Types of Consensus Algorithms  67
    1.6.2 Deterministic vs Non Deterministic Consensus Algorithms  74
  1.7 CryptoCurrencies  75
    1.7.1 Cryptocurrencies Use Cases  77
    1.7.2 Use of Cryptocurrencies and Security Risks  78
  1.8 Digital Wallets  79
    1.8.1 Introduction  79
    1.8.2 Security Features of Digital Wallets  84
  1.9 Digital Transactions  86
    1.9.1 Transaction Automation With Smart Contracts  91
    1.9.2 Token Transactions  94
  1.10 Privacy Controls  96
    1.10.1 Anonymity vs. Pseudonymity of Blockchain Transactions  98
    1.10.2 Techniques for Enhancing Transaction Privacy  99
  1.11 Identity Controls  101
    1.11.1 Identity Verification Methods  102
    1.11.2 Privacy-Preserving Identities  104
    1.11.3 Identity & Access Management  106
    1.11.4 Decentralized Identities (DID)  108
  1.12 Legal and Regulatory Considerations  109
  1.13 Conclusions  117
  1.14 Future Directions and Trends in Blockchain Technology  119
Chapter II - Designing Secure Decentralized Applications (DApps)  121
  2.1 Introduction  121
  2.2 Decentralized Applications (DApps)  127
    2.2.1 Decentralized Application Architectures  130
    2.2.2 Comparison of DApps with Traditional Centralized Applications  137
    2.2.3 Analysis of Use Cases for Blockchain and Decentralized Applications  139
  2.3 Identification of Security Requirements for dApps  143
    2.3.1 Elicitation of Security Requirements  143
    2.3.2 Example of dApps Security Requirements  146
  2.4 Securing Decentralized Applications (DApps)  149
    2.4.1 Principles of Secure Blockchain Platform Design  150
      2.4.1.1 Overview of Security Architecture Principles  151
      2.4.1.2 Security Architecture Principles for DApps Design  151
    2.4.2 Securing DApps By Design  157
      2.4.2.1 Identifying DApps Security Design Flaws & Vulnerabilities  159
      2.4.2.2 Securing DApps Components by Design & Implementation  165
    2.4.3 Blockchain APIs  177
      2.4.3.1 Securing Blockchain APIs  177
      2.4.3.2 Blockchain API Vulnerabilities  180
      2.4.3.3 Security Review of Blockchain API  183
    2.4.4 Securing DApps Confidential Data & Transactions  185
      2.4.4.1 Security Requirements For The Protection of Confidential Data  188
      2.4.4.2 Vulnerabilities Exposing Confidential and Transactions Data in dApps  191
      2.4.4.3 Security Reviews To Identify Design Flaws and Vulnerabilities in dApps  192
    2.4.5 Consensus Algorithms  194
      2.4.5.1 Identification of Potential Security Design Vulnerabilities Related to Consensus Algorithms  195
      2.4.5.2 Best Practices for Selecting and Implementing Secure Consensus Algorithms  198
    2.4.6 Protecting Secrets  200
      2.4.6.1 Practical Examples of Security by Design Protection of Secrets and Keys in dApps  201
      2.4.6.2 Identification of Potential Vulnerabilities Related to Secret and Key Management with DApps  203
    2.4.7 Securing Token-Based Transactions  204
      2.4.7.1 Explanation of Token-Based Transactions  205
      2.4.7.2 Secure Token Standards  207
      2.4.7.3 Security Considerations for Securing dApps with Token-Based Use Cases  209
    2.4.8 Securing Cryptocurrency Decentralized Exchanges (DEXes) Transactions  212
      2.4.8.1 Securing DApp Integration with Digital Exchanges  213
      2.4.8.2 Mitigating the Risks of DEX Use Cases  217
    2.4.9 Securing Digital Identities  223
      2.4.9.1 Explanation of Digital Identities  224
      2.4.9.2 Security Considerations for Digital Identities  226
    2.4.10 Securing Smart Contracts  229
      2.4.10.1 Overview of Smart Contracts and Security Considerations  229
      2.4.10.2 Common Smart Contract Vulnerabilities and Associated Risks  231
      2.4.10.3 Best Practices for Smart Contracts Security  234
  2.5 Conclusions for This Chapter  243
    2.5.1 Future Directions and Trends in Secure Blockchain Application Design, Development, Testing and Audit for Compliance  245
Chapter III - Securing Blockchain Applications: Identifying and Mitigating the Vulnerability Risks  246
  3.1 Introduction  246
    3.1.1 Focused DApp Application Security  247
    3.1.2 DApp Vulnerabilities Risks  248
    3.1.3 Lessons Learned from Security Incidents  249
      3.1.3.1 Smart Contract Vulnerability Exploits: A Real Concern  250
      3.1.3.2 Digital Wallet Design Flaws Exploits  252
      3.1.3.3 LL-1: Conduct Security Audits Of Smart Contracts  254
      3.1.3.4 LL-2: Require Responsible Disclosure of Vulnerabilities  255
      3.1.3.5 LL-3: Comply With Regulatory Requirements  255
      3.1.3.6 LL-4: Address Scalability and Network Congestion Issues  256
      3.1.3.7 LL-5: Strengthen Incident Response Process  257
  3.2 Enhancing Blockchain Security: Preventing and Remedying Vulnerabilities and Design Flaws  259
    3.2.1 Introduction to Threat Modeling  260
    3.2.2 PASTA Threat Modeling  263
      3.2.2.1 Definition of Business Objectives (DBO)  263
      3.2.2.2 Definition of the Technical Scope (DTS)  265
      3.2.2.3 Application Decomposition and Analysis (ADA)  266
      3.2.2.4 Threat Analysis (TA)  268
      3.2.2.5 Vulnerability Analysis (VA)  270
      3.2.2.6 Attack Modeling (AM)  272
      3.2.2.7 Risk Assessment & Mitigation (RAM)  274
    3.2.3 Threat Modeling Example: DeFi Lending & Borrowing DApp  279
      3.2.3.1 Stage I - Definition of Business Objectives (DBO)  282
      3.2.3.2 Stage II - Definition of Technical Scope (DTS)  294
      3.2.3.3 Stage III - Application Decomposition & Analysis (ADA)  300
      3.2.3.4 Stage IV - Threat Analysis (TA)  313
      3.2.3.5 Stage V - Vulnerability Analysis (VA)  330
      3.2.3.6 Stage VI - Attack Modeling (AM)  339
      3.2.3.7 Stage VII - Risk Analysis and Management (RAM)  355
    3.2.4 SecDevOps Tools  373
  3.3 Auditing Blockchain Applications for Compliance  380
  3.4 Conclusions  385
Chapter IV - Securing Blockchain Applications: Practical Examples  387
  4.1 Introduction  387
  4.2 DApp Creation Example  388
    4.2.1 Architecture  388
    4.2.1 Project Components  389
      4.2.1.1 Token.sol (ERC-20 Token Contract)  389
      4.2.1.2 Smart Contract Deployment  389
    4.2.2 AWS Integration  389
      4.2.2.1 API Gateway Setup  390
      4.2.2.2 Create a New API in Amazon API Gateway  390
      4.2.2.3 Link the API to AWS Lambda Function  390
      4.2.2.4 Define API Methods  391
      4.2.2.5 Additional Configuration  392
    4.2.3 Create A Frontend  393
      4.2.3.1 Create React App  393
      4.2.3.2 Create Frontend Code  393
    4.2.4 Security Review  394
      1. Smart Contract Vulnerabilities  394
      2. AWS Lambda Security  394
      3. API Gateway Misconfigurations  395
      4. Data Storage Risks  395
      5. Blockchain Event Handling  395
      6. Cross-Origin Resource Sharing (CORS)  395
      7. Frontend Integration Risks  395
    4.2.5 Conclusion  396
  4.3 Code Auditing Examples  397
    4.3.1 Introduction  397
    4.3.2 Rationale for Secure Coding Practices  397
    4.3.3 Auditing Smart Contract Code  398
      4.3.3.1 Common Smart Contract Vulnerabilities: Reentrancy  398
      4.3.3.2 Integer Overflows and Underflows  400
      4.3.2.3 Denial of Service (DoS) in Contracts  400
      4.3.2.4 Access Control Failures  401
      4.3.2.5 Logic Flaws and Business Logic Errors  402
    4.3.4 Audit Processes and Tools for Smart Contracts  403
      4.3.4.1 Manual Code Review  403
      4.3.4.2 Automated Static Analysis Tools  403
      4.2.4.3 Unit and Integration Testing  404
    4.3.5 Best Practices in Smart Contract Audits  405
      4.3.5.1 Security-by-Design  405
      4.3.5.2 Remediation and Secure Re-Deployment  405
    4.3.6 Auditing Blockchain Node Software  406
      4.3.6.1 Types of Blockchain Nodes  406
      4.3.6.2 Typical Vulnerabilities in Node Implementations  406
        4.3.6.2.1 Consensus Algorithm Weaknesses  406
        4.3.6.2.2 Networking Stack and P2P Protocol Issues  407
        4.3.6.2.3 Resource Exhaustion Attacks  408
        4.3.6.2.4 Configuration and Key Management Errors  409
      4.3.6.3 Approaches to Node Software Auditing  410
        4.3.6.3.1 Source Code Review  410
        4.3.6.3.2 Penetration Testing  411
        4.3.6.3.3 Continuous Integration/Continuous Deployment (CI/CD) Checks  411
    4.3.7 Auditing Wallet Software  412
      4.3.7.1 Types of Wallets  412
      4.3.7.2 Wallet-Specific Vulnerabilities  414
        4.3.7.2.1 Private Key Exposure  414
        4.3.7.2.2 User Interface Manipulation (Phishing or Spoofing)  414
        4.3.7.2.3 Transaction Handling Errors  415
        4.3.7.2.4 Third-Party Library Issues  415
      4.3.7.3 Wallet Security Audits and Testing  415
        4.3.7.3.1 Code Review for Cryptographic Routines  415
        4.3.7.3.2 UI/UX Security Testing  416
        4.3.7.3.3 Secure Build and Deployment  416
        4.3.7.3.4 Compliance with Regulatory or Industry Standards  416
    4.3.8 Auditing Decentralized Applications (dApps)  417
      4.3.8.1 dApp Architecture Components  417
      4.3.8.2 Common dApp Vulnerabilities  418
        4.3.8.2.1 Front-End Vulnerabilities  418
        4.3.8.2.2 Smart Contract Integration Flaws  418
        4.3.8.2.3 Data Privacy and Confidentiality Gaps  419
      4.3.8.3 dApp Auditing and Testing  419
        4.3.8.3.1 End-to-End Testing  419
        4.3.8.3.2 Penetration Testing and Ethical Hacking  420
        4.3.8.3.3 Security Scans in CI/CD  420
    4.3.9 Consolidating Findings and Reporting  421
      4.3.9.1 Security Reporting Framework  421
      4.3.9.2 Coordination With Development Teams  421
      4.3.9.3 Disclosure Best Practices  422
    4.3.10 Conclusion  422
Appendix A - Threat Scenario & Threat Event Enumeration Analysis  424
Appendix B - Threat Scenarios To Weakness/Vulnerabilities Mapping Analysis  446
Appendix C - Threat to Attack Scenarios Mappings  453
Appendix D - Threat Scenarios Attack Simulation Tests  455
Appendix E - Threat Risk Ratings  458
Appendix F - Risks Mitigation Plan  460
Appendix G - Threats Risk Register Example  462
Appendix H - Compliance and Audit Readiness Report  463
Appendix I - Attack Simulation Testing Results  465
Appendix L - Stakeholder Risk Communication Report  466
References  469
Acknowledgments  483
About the Authors  484
Book Index  487

Author Information

Marco Morana is the Field CISO at Avocado Systems Inc., where he leads the deployment of runtime threat modeling and product security solutions for enterprise clients. Previously, he held senior security leadership roles at JPMorgan Chase and Citibank, where he directed global architecture programs and led S-SDLC adoption across cloud and application platforms. At Citibank, Marco conducted architecture risk assessments for blockchain pilots, including the first digital asset trade with Nasdaq via Chain.com, and authored the bank's first security standards for blockchain. He is the coauthor of the PASTA threat modeling methodology and an OWASP project leader focused on secure-by-design for blockchain and AI systems.

Harpreet Singh is a seasoned engineering leader with 19 years of experience driving innovation in AI/LLM, cybersecurity, and large-scale distributed systems. He is known for a strategic approach to architecture, a focus on customer trust and safety, and a collaborative leadership style. He has successfully launched new products, integrated emerging technologies, and optimized security practices across global organizations.

Francesco Piccoli is the cofounder and CEO of Almanax, a cybersecurity firm specializing in AI-powered solutions. He was previously the Head of Product at AnChain.AI, where he built security and compliance tools for the US SEC, IRS, and Salesforce. His team was part of $100M+ crypto hack investigations. Prior to AnChain.AI, he led research initiatives in anomaly detection and autonomous driving. Francesco holds a Master of Engineering from UC Berkeley and lives in New York.

Countries Available: All regions