Auditware

824 posts

Auditware banner
Auditware

Auditware

@audit_wizard

Industry leading OpSec audits, security tools, and code reviews performed by true security wizards

Katılım Ağustos 2022
546 Takip Edilen2.7K Takipçiler
Sabitlenmiş Tweet
Auditware
Auditware@audit_wizard·
In 2022, we performed one of the first ever OpSec audits for a web3 company, pulling from over 7 years of experience securing the most sensitive and high value teams at companies like Apple and Amazon. We built a bespoke audit process from the ground up that covers all of the weak points that code and infra audits don't. Over the past 4 years we've reviewed OpSec for VCs, startups, mature companies, and teams ranging from 5 people to 50+. Including crypto-adjacent orgs with no on-chain presence, and crypto-native orgs with dozens of multi-sigs and hot wallets. We started with ad-hoc reviews tailored to each organization: Meet with the team to ask all the questions we could think of, build a threat model, and write a report highlighting risks and recommending mitigations. But we quickly learned that, while there are unique risks each team faces, much of the topics we covered were shared between orgs. We wrote guides for securing Discord servers, Twitter/X accounts, email servers, and developed both targeted and generalized trainings for whole teams. We also learned that these audits ran most smoothly with some sort of structure in place to define what each meeting should cover, who we needed to talk to in the org, and when we knew we were done. And when we spoke about OpSec to teams they didn't have a solid understanding of what it even meant or what the scope included. We built a very detailed internal process and set of resources outlining all of this. Since then, we've taken that internal playbook and refined it across multiple audits, each with their own unique risks and challenges. But this was something we felt we could not keep to ourselves. Last year, we converted that playbook into a comprehensive set of requirements, guides, and tools - all open source and free for anyone to use. We called it the Web3 OpSec Standard (W3OS). What sets W3OS apart from other OpSec resources is that it aggregates a comprehensive set of guidance into one place; presents everything as actionable checklists; and provides concrete guides for configuring platforms, setting up secure development environments, and training teams to stay secure. This year, we've also started building tools to support these guides and requirements and enable teams to take their OpSec seriously without having to build complex monitoring tools themselves. Auditware has been doing OpSec audits for over 10 years, we wrote the book on web3 OpSec, and we continue to build open source public goods for tackling OpSec issues because we truly believe that our industry cannot thrive without preventing the many, easily preventable security failures we have seen over the years. We highly encourage everyone to put these resources to good use and tighten up your OpSec before you have an incident! The best way to get started with this is making an account on our free OpSec collaboration platform platform, Sentry, which allows you to navigate W3OS requirements and guides with ease, track tasks across your team, and set up monitoring tools: sentry.auditware.io
English
4
3
10
1.3K
Auditware retweetledi
The Relay
The Relay@The_Relay_·
The OpSec training had us tossing and turning for a few hours later that night. @Audit_wizard broke down ways people get drained, like zero-click attacks from malicious sites, phishing, and dApps asking to sign without context. They also told us how to protect ourselves. ICYMI, clip below. Full broadcast is up on The Relay.
Auditware@audit_wizard

Thanks to everyone who tuned in for the Auditware × @The_Relay_ OpSec live broadcast 🫂 One of the core moves we walked through: browser isolation 🎯 Your wallet and your daily browsing should never share a browser. 🌐 Web attacks jump from a malicious page to your live session and hijack it. Sometimes zero-click. 🚫 What a wallet browser blocks: • Random extensions • dApps asking you to sign without context ⏸️ The friction of switching browsers is intentional. The pause gives you time to review what you're signing.

English
0
2
4
210
Auditware
Auditware@audit_wizard·
Thanks to everyone who tuned in for the Auditware × @The_Relay_ OpSec live broadcast 🫂 One of the core moves we walked through: browser isolation 🎯 Your wallet and your daily browsing should never share a browser. 🌐 Web attacks jump from a malicious page to your live session and hijack it. Sometimes zero-click. 🚫 What a wallet browser blocks: • Random extensions • dApps asking you to sign without context ⏸️ The friction of switching browsers is intentional. The pause gives you time to review what you're signing.
English
1
0
4
375
Auditware retweetledi
Raiders
Raiders@__Raiders·
@audit_wizard thanks for featuring Digibastion.com, many cool things on the roadmap - full redesign - public release - chrome extension - we'll raffle some free coupons for PRO subscription - more supply chain and OpSec toolings
English
0
1
4
128
Auditware
Auditware@audit_wizard·
@__Raiders built Digibastion because web3 opsec tooling was scattered across a dozen tabs. There was no single place to check your own posture. Now it's one platform. It combines an assessment, a full wallet and DeFi checklist, and live threat intel. It's a consolidation layer, not another point tool. What's inside: - 200+ expert-backed security items across 11 categories 📋 - An 8-question opsec quiz with crypto-themed rankings 🏆 - Threat intel covering 30+ incidents from 19 feeds (CISA, NVD, MSRC) ⚠️ - Backed by a 2025 Ethereum Foundation ESP grant ✨ - DNS and supply-chain scanners shipping in 2026 🚀 @__Raiders what's next on the roadmap? Know a tool or team we should spotlight next? Apply at w3os.auditware.io
English
1
4
9
458
Auditware retweetledi
forefy
forefy@forefy·
Guess my most-starred open source web3 project 🔍🔍🕵️ No cheating !! (hints below)
English
1
1
3
561
Auditware
Auditware@audit_wizard·
🚨 Your SOC2 checklist is sitting in a Notion page right now most likely untracked and unaudited..... There's a free SOC2 tool that's auditable by default and pulls its own evidence via Sentry API! 👇 sentry.auditware.io
Auditware tweet media
forefy@forefy

We're kinda trying something new here. "SOC2 automation for Web3 teams" (FREE and OSS - only gmail required) Both for teams that have to, or for smaller teams that want to be "best practice" secure. And it goes like this 🧵👇

English
0
0
5
586
Auditware retweetledi
The Relay
The Relay@The_Relay_·
Don't get got. This industry is full of people working to separate you from your wallet. We're talking to @audit_wizard about the human element of security and how to keep your stuff safe. Actionable info on what boxes to check. No fearmongering. Live on Tuesday 7PM ET
The Relay tweet media
English
0
2
8
322
Auditware retweetledi
forefy
forefy@forefy·
We're kinda trying something new here. "SOC2 automation for Web3 teams" (FREE and OSS - only gmail required) Both for teams that have to, or for smaller teams that want to be "best practice" secure. And it goes like this 🧵👇
English
1
1
7
1.1K
Auditware
Auditware@audit_wizard·
What OpSec tool do you actually use? What would you build if it didn't exist? Over the next few weeks we're spotlighting the tools and authors shipping real OpSec security in Web3! Building or know someone who should be listed? Apply now: w3os.auditware.io
Auditware@audit_wizard

Web3 has plenty of smart contract audit directories. Finding a firm that actually specializes in operational security, endpoint hardening, multisig security, or incident response is much harder. So we built a directory for exactly that 🕵️‍♂️ w3os.auditware.io

English
1
1
7
536
Auditware
Auditware@audit_wizard·
Web3 has plenty of smart contract audit directories. Finding a firm that actually specializes in operational security, endpoint hardening, multisig security, or incident response is much harder. So we built a directory for exactly that 🕵️‍♂️ w3os.auditware.io
English
3
3
17
2.5K
Auditware
Auditware@audit_wizard·
@__Raiders Continue the good work as always ser 💜
English
1
0
2
76
Raiders
Raiders@__Raiders·
Thanks for creating this amazing web3sec directory of firms/tools specializing in opsec/web2sec side. hit me up, if you'd like to get your domain + its dns hardened and secure. happy to provide a FREE report to a few projects as we're currently in BETA looking to help as many projects to secure their domain, dns, frontend & it's supply chain.
Auditware@audit_wizard

Web3 has plenty of smart contract audit directories. Finding a firm that actually specializes in operational security, endpoint hardening, multisig security, or incident response is much harder. So we built a directory for exactly that 🕵️‍♂️ w3os.auditware.io

English
1
1
10
804
Auditware
Auditware@audit_wizard·
The directory is live and open. If your firm should be on this list, you can apply directly on the site. If we missed a good tool or company, just let us know 🫂💜 w3os.auditware.io
English
0
0
4
144
Auditware
Auditware@audit_wizard·
We listed over 14+ open-source security tools built by these teams. From hardened dev containers to AI skill scanners. From 112 stars down to 1 star. All of them are free, and every listing links directly to the repo! w3os.auditware.io/tools
English
1
0
4
210