Quantstamp, a leading provider of smart contract audits, has partnered with CoGuard to identify misconfigurations and vulnerabilities of Web2 infrastructure within Web3 stacks.
In the rapidly evolving world of Web3 technology, ensuring the security and integrity of smart contracts is of paramount importance. The modern Web3 stack often comprises both smart contracts and classic Web2 server infrastructure, this allows for flexible, scalable and serviceable environments that can be rapidly deployed at scale.
Web2 infrastructure has evolved to be highly complex and this complexity has led to misconfigurations and security vulnerabilities due to these misconfigurations. CoGuard has partnered with Quantstamp, a leading provider of smart contract audits, to identify misconfigurations and vulnerabilities of Web2 infrastructure within Web3 stacks.
By combining Quantstamp’s expertise in smart contract audits and CoGuard’s Web2 infrastructure evaluations, a unique and comprehensive solution that addresses the diverse needs of Quantstamp's clients emerges.
For Chainproof, a Quantstamp subsidiary which insures staking providers, there is a unique risk where clients use existing Web2 infrastructure to provide a setup for Ethereum’s new “proof-of-stake” protocol to their clients. The main configuration risk is slashing. Slashing risk can be remediated by a proper infrastructure setup. CoGuard provides an automated way to identify and map compliance controls to slashing risk for each client environment. Chainproof can assess the risk of a company’s infrastructure configuration in advance.
One of the standout features of CoGuard is its ability to ingest the widest variety of infrastructures in the industry. This sets them apart, as Quantstamp's clients often utilize alternatives to the major cloud providers such as AWS, GCP, or Azure. Regardless of the infrastructure in use, CoGuard's platform abstracts it into a proprietary mapping, and the team is consistently adding new wrappers for the encountered infrastructure providers. This automation ensures a thorough evaluation of infrastructure configurations. This versatility is invaluable in meeting the unique requirements of Chainproof’s clients, and ensuring that all controls are checked with an automated engine compared to an error-prone manual process.
At the heart of CoGuard's offering is its scanning engine, which enables quick and efficient checks of common security controls for most configurable software. This advanced technology allows for rapid extensions and updates, ensuring that emerging vulnerabilities and evolving security practices are promptly addressed. By prioritizing infrastructure misconfigurations, particularly those contributing to risks to slashing, CoGuard empowers Chainproof to mitigate potential threats efficiently and effectively and to focus on the most important items.
Classical infrastructure components such as containers, databases, and web servers play a vital role in most of the Web3 stack. While many think of Smart contracts alone when talking about Web3, there is often additional facilitating technology utilized to achieve, among other things, performance. Other use cases are the setup of Wallets, and provision of infrastructure to perform proof-of-stake computations. CoGuard's comprehensive approach bridges the gap between smart contracts and traditional infrastructure, enforcing the philosophy of shift-left security and defense-in-depth. Users can discover configuration files within their code repositories, even within imported containers, enabling a holistic assessment and proactive identification of potential vulnerabilities. Furthermore, given the expertise of employing best practices from Web2, CoGuard helps moving the same standards to Web3 technology providers.
As they continue to work together, Quantstamp and CoGuard are poised to advance on the mission to secure the decentralized internet and address every angle in the ever-evolving world of blockchain technology.
Quantstamp is a global leader in blockchain security, on a mission to secure the future of web3. Founded in 2017, the team has honed their expertise through hundreds of audits and worked with some of the top projects in the industry including Maker, Compound, Polygon, Arbitrum, Sandbox, and many more.
In addition to providing an array of security services, Quantstamp facilitates the growth and longevity of the web3 space through strategic investments and acting as a trusted advisor to help projects scale.
To date, Quantstamp has performed 600+ audits and secured over $200 billion in digital asset risk from hackers.
CoGuard is a technology company that was founded with a key realization: despite the abundance of cybersecurity products and significant investments in the field, regular breaches still occur due to simple misconfigurations. Recognizing this flaw in the process and the inadequate consideration of every layer of configurations, CoGuard set out to create a product to fix this shortcoming. They specialize in performing comprehensive checks on IT infrastructure, meticulously detecting misconfigurations across all layers. With an extensive engine and the ability to support a wide variety of infrastructure combinations, CoGuard ensures that no stone is left unturned in the pursuit of robust cybersecurity. By addressing these often-overlooked vulnerabilities, CoGuard is at the forefront of enhancing security practices and protecting organizations from potential threats.
.jpg)
