Web3 Security introduction

The internet can arguably be called one of the greatest tools made by humans, if not the greatest. From gaining knowledge to buying products, any service you can think of is probably available on the internet. The possibilities seem endless.

We have come a long way since the inception of this tool, and it has changed in many ways since. These changes can be described as follows:

  • Web 1.0: The very first ‘version’ of the web. It gave a user access to data hosted by other people. In computer science jargon, there are a few operations we can perform on data, such as read and write. Web 1.0 was mainly used by people to ‘Read’ data. Say you want to know what a ‘chihuahua’ looks like: you could just search for it on the internet. If someone had hosted that information, you’d find it.
  • Web 2.0: The second version was a step up. While the user kept the ability to read data, it also became much easier for users to ‘Write’ data onto the internet. User-generated content took the front seat, making it easier for anyone with basic knowledge of web technology to design and host web pages. While this change did not seem very ground-breaking initially, it eventually evolved to bring a large array of applications like e-commerce, social media and multimedia content, opening up new paradigms for user experience and bringing the entire world together.

It is the very nature of technology to keep evolving to greater heights. The same applies to the internet, which is where its third version comes into the picture.

If you have had a presence of any kind on the web, you must have heard buzzwords like crypto, blockchain and others being associated with the term ‘Web3.0’. From news blogs to your favourite YouTubers, everyone seems to be talking about it.

Let me explain. Whenever a ‘version’ of the internet came about, it seemed to give a user some degree of power over the data that is stored and transported on the internet (Read and Write). In a similar sense, Web3.0 gives a user the ability to read, write and ‘own’ data.

At first glance, this may not seem like much. ‘Own’ data? Why? How would that help a user?

Well, think of it this way: whenever you visit a website for the first time, heck, even the website you are reading this article on, it asks your permission for cookie settings. Cookies like these tend to track each and every action you take on that website, like clicking another article, liking a post, etc.

Even when you are browsing content platforms like YouTube, every action you take is tracked. This is done to tailor a more personalised experience for the user. For example, YouTube makes sure the content you are recommended is something you will like to watch, or even click on, based on whatever you have seen before.

“What is wrong with that?”, you may say. “I don’t want the app to recommend me cute camels when I like watching cats, y’know.” And you are right, there is nothing wrong with this, until this data collection and usage crosses a line of privacy.

Data collected by companies can be misused by them just for the sake of getting more bang for their buck.

Exhibit A: the Facebook and Cambridge Analytica case.

Basically, the firm allegedly manipulated people in terms of voting.

This is the power of data. And yours should not be in the hands of a third party without any restriction.

This is the core philosophy behind Web3.0: giving a user ownership of their data. This is accomplished using a host of technologies like blockchain, decentralization, smart contracts and such.

History shows that whenever an emerging technology is trying to become mainstream, a very important factor in play is how secure it is. Web3.0 is no different.

The applications made for web3, called Decentralized Applications or Dapps, form the core of all the platforms that provide decentralized web services.

Some of the famous platforms are Ethereum (ETH), Avalanche (AVAX), Solana (SOL) and Binance Smart Chain (BNB), and each of these has its own native token, like ether for Ethereum, SOL for Solana and so on.

Bitcoin is also one of these, although it is limited to transactional functions only, which means you can’t build Dapps on Bitcoin; you can only transfer it from one person to another.

A very important thing to note in all this: all Dapps use the native tokens of their platforms for some functionality or other. So if any vulnerabilities are found in a Dapp, chances are they can have a monetary impact on the Dapp. In simpler words, customer funds would be directly at risk.

Case in point: ‘The DAO Hack’, an event that deeply affected the Ethereum platform. Just to understand the scale of this: the attacker exploited a previously unknown vulnerability in smart contracts to extract 3.6 million ether (amounting to 70 million at the time) out of the vulnerable smart contract.

More than ever, there is a need for web3 security to ensure such hacks are prevented and to protect user funds that are held in smart contracts.

PS: Special Thanks to Harsh Sawant for valuable inputs from Hacktify Cyber Security.
