There are few security auditors who understand Blockchain in an era of Blockchain security, says this self-taught bug hunter and founder of CredShields
Shashank became a self-taught bug hunter when he was in school. He wants his company CredShields to automate security for large and small companies, which are seeing the benefits of smart contracts.
- Shashank grew up as a prized bug hunter and has earned his name a place in the Google hall of fame for it.
- His work experience led him to set up CredShields to automate security for Blockchain smart contracts.
- He is building security consulting and security products for the era of blockchain, crypto and metaverse.
When you look at bug hunting, it is a very lucrative opportunity for young software professionals who want to get into security. Securing applications is one of the most lucrative businesses globally, running into billions of dollars.
However, in the world of decentralised applications and finance, security has to be looked at very differently. One only has to meet Shashank, whose youth does not do justice to what he is solving for the business ecosystem.
In the past, Shashank has worked with Bugcrowd, binary.com, HackerOne, and Cobalt.
He did all this while he was at school and college. Mature beyond his years, Shashank explains what he wants to solve. Here are excerpts from the interview:
When you were growing up, who influenced you to take up bug bounty programs?
Growing up I was very fascinated with computers and used to read a lot about the latest computers.
I was studying at Sainik school.
I used to use the social media channel Orkut to connect with my basketball team. One day, my friend's account was hacked and he had to create a new account. That is when I decided to learn about terms like hacking.
I spent almost a month learning about security and hacking. I realized that my friend had suffered a phishing attack. Then and there I decided that this was my future.
What are some of the things that you did in college that kept you interested in working for companies as a debugging expert?
While I was studying in Delhi I heard that Google had a bug bounty program where one actually gets paid. I spent almost two and a half months hunting bugs for Google and then I got my first reward from them, which was $200.
I was so happy because for the first time I realised that I can make this a career.
I followed Google up with PayPal.
Although, when I started getting payments, my father became suspicious and he thought that I was doing something illegal. Hacking does have negative connotations, so it was not so surprising.
I had to sit him down and explain to him the entire concept of bug bounties.
To further prove my innocence, I showed him my name on the Google hall of fame for bug hunting. Only then did he breathe a sigh of relief and understand that I was doing something legitimate.
While I was in college I got a job offer from binary.com and started working with them part-time.
Becoming a bug hunter helped me win money from bug bounty programs offered by several companies.
I also began to freelance with many companies, skipping college lectures.
It was a hard time, but four years really paid off because multiple jobs gave me perspective and I managed to pass my exams in the end.
What aspect led you to blockchain, crypto, and web 3? What impact are these going to make on the world?
I first got to know about Bitcoin when I started receiving bounties from different companies. Then my PayPal account got banned because I was receiving a good sum of money.
Getting swift payments was very difficult as most of the clients were global clients. The banks are usually suspicious about payments and ask us to sign things; also, there were charges on top of that.
Then I realized that there is something called Bitcoin, which is a digital currency.
With Bitcoin coming in, I could get paid without any charges and no central entity controls it. This made me respect the concept.
I started using Bitcoin as a mode of payment for my work.
People think about it as an investment vehicle and I think that is where the problem begins.
If we actually look into the product side of blockchain & web3, there is a push for a decentralised way of working. Look at the Ethereum protocols: you can write smart contracts and bring in transparency.
I believe people should use blockchain technology as it is and not think of all this as an investment vehicle.
What does your startup CredShields and its product, SolidityScan.com, do? Why should CFOs invest in Blockchain Security?
After college, I was working with HackerOne, which is a web security company, but I was always interested in cryptos and the essence of crypto.
I made a major leap when decentralised finance came in; a financial system where KYC is not centralised.
Multiple DeFi applications are coming up these days but the problem is that so many of them are not secure. I saw a big opportunity for my company to secure these applications.
In April 2020, I decided to quit my job and spent three months understanding the problem of security in the Blockchain and crypto ecosystem.
I found two major problems.
The first problem was that there are very few security auditors who understand Blockchain.
There is a need to automate security.
Today, companies spend months grappling with the problem of understanding security when they implement Blockchain, and we can solve this for them at a rapid pace.
Our product SolidityScan is a product for smart contracts. We can fix all the bugs at the click of a button.
Is SolidityScan an app or a SaaS product for organisations? What is its business model and how does it work?
SolidityScan is a SaaS product.
What the company has to do is just sign up and add smart contracts, and in minutes I can tell them the problem with the system and fix the bugs immediately.
A company needs to know its vulnerabilities and we can do it for them. Our backend will then show the companies all the bugs and continuously keep the system safe.
They get constant reports too. Currently, I am targeting smaller companies to use the product.
A few of the retail shops in the USA are now accepting Bitcoin as they go through this business transformation. What are some of the vulnerabilities in this change?
The vulnerabilities are always at the wallet or end payment system.
Hackers can enter web applications or applications and steal information or money.
At a smart contract level, the codes are designed in such a way that one must study cryptography for this. The system will not compromise if one part of the chain is affected.
The contract will identify these attacks and ensure that the transaction is not compromised.
If you are dealing with cryptocurrencies, it is very important to not only secure the code, but you must also secure everything from the web application, the cloud infrastructure, and access to employees so that they don't fall for phishing scams.
Many people are doing smart contracts in the world but is it a large market? Will everybody get into blockchain?
It is going to be big in this decade because early adoption is happening.
Today there are hackathons on AI, ML, and Blockchain development, which is a good thing for the future.
In Bangalore, there have been a lot of startups working on web 3 projects, and we have been working closely with them as security auditors.
Watch this space closely because technology is going to change the way we operate.