CredShields

2K posts

CredShields banner
CredShields

CredShields

@CredShields

Full Scope Cybersecurity | Human Driven, AI Accelerated Pentesting | Continuous Monitoring | SOC2 Type II Audited

Katılım Aralık 2021
45 Takip Edilen3.4K Takipçiler
Sabitlenmiş Tweet
CredShields
CredShields@CredShields·
CredShields and @SolidityScan are proud to contribute to the release of the @owasp Smart Contract Top 10 2026. OWASP Smart Contract Top 10 defines the primary contract-level failure patterns that repeatedly lead to loss in blockchain systems. Sincere gratitude to @ethereumfndn Ecosystem Support Program for supporting the OWASP Smart Contract Security initiative. owasp.org/www-project-sm…
CredShields tweet media
English
20
42
72
8.5K
CredShields retweetledi
Samsung Mobile
Samsung Mobile@SamsungMobile·
💙 Like this post and get a front-row seat to what's next. Can you guess what's coming? Join us at Samsung Galaxy Unpacked on July 22. A new shape unfolds.
English
1.7K
3.9K
39.4K
403M
CredShields
CredShields@CredShields·
"Responsive, proactive, and thorough..." 💬 At CredShields, we don't just hand over a report and walk away. We stick with you through the remediation and retest phases to ensure your ecosystem is genuinely secure. Big thanks to emory.pro for the incredible feedback! 💚
CredShields tweet media
English
0
0
1
110
CredShields
CredShields@CredShields·
Check out a quick breakdown of what this incident teaches us about: 1️⃣ The reality of network isolation playbooks 2️⃣ Why your "Plan B" cannot rely on your "Plan A" infrastructure 3️⃣ The very real human impact of digital downtime #InfoSec #CyberDefense #IncidentRecovery #Operations
CredShields tweet mediaCredShields tweet media
English
0
0
0
43
CredShields
CredShields@CredShields·
A $1B transport giant hits the brakes. 🛑 Following a recent malware infection, Japan’s largest taxi operator had to proactively shut down its own digital infrastructure to contain the threat. The result? Total operational downtime, from web bookings to critical hospital transit lines. It is a stark reminder that isolation is a highly effective but an incredibly painful defense strategy.
CredShields tweet mediaCredShields tweet mediaCredShields tweet mediaCredShields tweet media
English
1
0
1
137
CredShields
CredShields@CredShields·
Never trust the client side ID. 🛑 IDOR (Insecure Direct Object Reference) remains one of the most common and critical vulnerabilities under the OWASP A01: Broken Access Control category. An IDOR happens when an API directly uses user supplied input to fetch database records without an authorization check. If a user can simply swap user/42 for user/43 in the URL and access private data, the system is wide open. How to prevent it? Don't just authenticate the user, enforce robust server side authorization. Every resource request must be checked against an Access Control List (ACL) or session token to verify if the requester actually has permission to view it. #AppSec #Cybersecurity #ApplicationSecurity #OWASP #WebDevelopment
CredShields tweet media
English
0
0
2
137
CredShields
CredShields@CredShields·
Hardcoding keys in your .env and pushing to GitHub? Stop right there 🛑 Keep your secrets out of your source control entirely. Inject them securely at runtime using your CI/CD pipeline (ci.yml) Move left on security 🛡️
CredShields tweet media
English
0
0
1
178
CredShields
CredShields@CredShields·
Every pentest, the same usual suspects. 🔄 Here are "The Five" recurring authentication and authorization flaws that keep security teams up at night. From trivial bypasses like JWT alg:none (a well deserved Critical 9.8) to the deceptive danger of missing cookie flags, these architectural slips are exactly what attackers look for first. Which one of these do you run into or remediate the most? #Cybersecurity #ApplicationSecurity #AppSec #PenetrationTesting #InfoSec
CredShields tweet media
English
0
0
3
134
CredShields
CredShields@CredShields·
🚨 Most common auth vulnerabilities we find during web app pentests. • alg:none JWTs • Role & ID manipulation • Insecure session cookies • BOLA/IDOR • Authorization logic flaws If you're shipping code in 2026, you can’t afford to miss these. #Pentest #AppSec #CyberSecurity #OWASP
CredShields tweet media
English
0
1
0
379
CredShields
CredShields@CredShields·
Read our latest edition of Security Decoded where we analyse the incidents, trends and takeaways we can take from the month of June. Read: linkedin.com/pulse/attacker…
CredShields tweet media
English
0
0
1
190
CredShields
CredShields@CredShields·
Do you have a pentest report dated this financial year?
English
0
0
0
236
CredShields
CredShields@CredShields·
RHEL 10 and Debian 13 both fell on default settings. If you run Kubernetes, CI/CD runners, or any box where you cannot fully vouch for every local user. Patch the kernel and reboot. If you cannot yet, disable the act_pedit module or unprivileged user namespaces where your setup allows.
English
0
0
0
43
CredShields
CredShields@CredShields·
If you remember Dirty COW or Dirty Pipe, it is the same family. Just a different bug with the same blind spot. What makes this one nasty is the speed. A working exploit was out within a day of the patch.
English
1
0
0
68
CredShields
CredShields@CredShields·
Are you running Linux servers? There's a new kernel bug making rounds (CVE-2026-46331) and privilege escalation is not the only reason to worry about. The quietness is a bigger reason. A normal user with no special access gets root. But they don't touch the file on disk.
CredShields tweet media
English
1
1
3
485
CredShields
CredShields@CredShields·
June 30 is in 4 days. SEBI CSCRF & HITRUST are due. Is your pentest report ready?
CredShields tweet media
English
0
0
1
192
CredShields
CredShields@CredShields·
When do you schedule pentests?
English
0
0
0
147
CredShields
CredShields@CredShields·
CredShields is now part of Launch, the @Dratahq Alliance Program. Drata is a compliance automation platform that helps companies achieve and continuously monitor SOC 2, ISO 27001, PCI, and more. We're already deep in the leading compliance frameworks our customers live by. As a Drata Alliance Program member, we will push that further with automated evidence from Drata, and security that has been tested by CredShields.
CredShields tweet media
English
0
0
1
158
CredShields
CredShields@CredShields·
AI is the new weapon for attackers. One that is worth taking seriously. But there's a second AI story that it is becoming the attack surface. Researchers have demoed a self replicating AI worm running on local open models, and "agentjacking" attacks that trick AI coding agents into executing malicious code. Most companies are racing to deploy LLM agents into workflows, support, and code pipelines. Very few are testing those agents and trusting them by default. Defending against AI powered attackers is half of the problem. The other half is securing the AI you are shipping yourself. If your agents can touch data or take actions, they are in scope. Have they been tested? Read this article by @INTERPOL_HQ 🔽 thehackernews.com/2026/06/interp…
English
0
0
0
232
CredShields
CredShields@CredShields·
It is not 2005 anymore. 🛑 Stop using MD5 or SHA 1 for password storage. Modern application security demands memory hard, side channel resistant hashing algorithms. 🔑 Why Argon2id? Unlike legacy functions or low cost bcrypt setups that specialized hardware (GPUs/ASICs) can easily brute force, argon2id is intentionally memory hard and time hard. Configuring it with parameters like 1 GiB memory, 4 lanes, and 3 iterations forces attackers to exhaust massive hardware resources to crack a single hash. Check your current auth pipelines and make sure you are aligning with OWASP® ASVS v4.0 standards! #Cybersecurity #AppSec #SoftwareEngineering #CodingTips #OWASP #Cryptography
CredShields tweet media
English
0
1
0
169