March 14. AirAsia, Asia’s largest low-cost carrier by passengers, has partnered with Estonian cybersecurity consultancy company Hacken to complement their security strategy to ensure the best user experience for their passengers.
Under the agreement, Hacken will perform an advanced secure code review of AirAsia applications to support the company with PCI DSS compliance requirements. The review will cover the AirAsia Centralized Engine, the Android and iOS mobile applications, and a new payment system, with the goal of checking the consistency and security of legacy code as well as the implementation of secure software development best practices.
Airline companies are prone to incidents of data theft and breaches, with cases of passport data, credit card numbers and other sensitive information being stolen by malicious hackers.
There is no precise definition of "quality source code". As a rule, a specialist's understanding of how quality source code should look is built on years of experience. Some programmers adhere to the abstract principle of KISS, which stands for "Keep It Simple, Stupid!". This design approach is fair in part, since it reflects the main rule of good code: simplicity and clarity. However, simplicity is often confused with oversimplification, so in a professional environment the quality of source code is judged by several other properties:
To make code easier to understand in a professional environment, each programming language has its own code style, a standard of formatting and design. It dictates the rules: where to put spaces or brackets, how to break lines, how to name variables. These details may seem unimportant, but following them greatly eases understanding of the code for those who see it for the first time.
Not every programmer can write really good code. This is especially hard for those who are still gaining experience. But even competent developers make mistakes from time to time. Therefore, teams that create high-quality software regularly conduct code inspections.
One of the most popular techniques, and at the same time one of the simplest to implement, is called Code Review. The idea is that any change made by a programmer reaches the main code repository and the release version of the software only after the rest of the team has checked it.
This process consists of several steps:
First, the developer adds new functionality to the code and notifies the other participants that the update needs to be checked.
At the second stage, team members acting as reviewers read the code and leave their comments. Some companies that practice Code Review focus only on finding bugs, but to really improve the quality of the code, reviewers should also point out architectural flaws, improper use of tools, and poor style that makes the code hard to read or understand.
Next comes work on the remarks. If the author disagrees with a remark, they may reject it, but to do so they must provide convincing arguments in defense of their position. If there are no such arguments, they make the necessary corrections.
The cycle then repeats systematically, every time a new batch of changes is made to the code.
The Code Review technique helps find mistakes early and get rid of unclear and confusing solutions. Not one person but a whole team works on the code, so a fresh perspective is often brought to it.
A programmer who knows in advance that colleagues will check their work tends to write more carefully and in a more organized way. The result is code that several people understand, which brings it much closer to quality.
When a group of several specialists is familiar with the code at a high level, it becomes easy to hand work over between the participants in the process. If the need arises, any member of the team can quickly pick up the work and do it well.
Thanks to Code Review, the so-called bus factor is reduced. The bus factor is the number of team members who would have to be hit by a bus for all knowledge about the project to be lost. For example, if four people are employed on the project and two of them leave for some reason, the rest will be able to finish the work, but if three leave the team, the last participant will not manage alone.
“Every company that deals with sensitive data should ensure its privacy and secure storage management. Hacken is honored to cooperate with such an esteemed and guest-obsessed airline as AirAsia. Hacken will utilize the best practices of SDLC to provide AirAsia with the highest quality of applications secure code review.” — Dmytro Budorin, CEO, Hacken
AirAsia, the world’s leading low-cost carrier, services an extensive network of over 200 destinations across the Asia Pacific. Since starting operations in 2001, AirAsia has carried more than 500 million guests and grown its fleet from just two aircraft to over 200. The airline is proud to be a truly ASEAN (Association of Southeast Asian Nations) airline with established operations based in Malaysia, Indonesia, Thailand, and the Philippines as well as India and Japan, servicing a network stretching across Asia, Australia, the Middle East, and the US. AirAsia has been named the World’s Best Low-Cost Airline at the annual Skytrax World Airline Awards 10 times in a row from 2009 to 2018. AirAsia was also awarded World’s Leading Low-Cost Airline for the sixth consecutive year at the 2018 World Travel Awards, where it also won the World’s Leading Low-Cost Airline Cabin Crew award for a second straight year.
Hacken is a global cybersecurity consultancy firm. It provides a wide range of cybersecurity services such as security assessment, deep-dive penetration testing, bug bounty as a service, and secure code review.