Ledger Application Security Audit

Ledger understands the importance of protecting digital assets. That's why they've partnered with Kudelski IoT, an authorized test lab for Ledger Application security validation, to ensure all Ledger application integrations meet the highest security standards.

Approach

Our Comprehensive Security Audit Process

Ledger has established a rigorous security audit specification to validate application conformance to their stringent security standards. Kudelski IoT tests against that specification by putting applications through a thorough 6-stage audit process:

1. Application Privileges
We verify the application flags (privileges) and allowed derivation paths to ensure proper access control.

2. Compilation
Our audit identifies any compilation warnings and ensures they have not been silenced.

3. Tests
We run a series of unit tests and end-to-end tests to confirm successful execution. Additionally, we assess the tests' soundness and coverage of the application's features.

4. Static Analysis
We utilize scan-build and Ledger's scan options to detect potential defects.

5. Fuzzing
We compile the code with a code fuzzer and run a fuzzing campaign to identify any vulnerabilities.

6. Manual Code Review
Our experts thoroughly analyze all transaction fields, displayed transactions, transaction parsers, and field formatters. We ensure that sensitive data is properly erased and confirm that blind signing is not permitted.

Trust us

Contact us today for more details.

With Kudelski IoT’s Ledger Application Security Audit, you’ll provide the safest and most secure application experience to your users. Our commitment to rigorous security auditing ensures that your digital assets are protected to the highest possible standard.