Dimension scores are derived from public data and fields and weighted into the composite score. Reference only.
CredShields is a security audit and penetration testing provider described as Singapore-based and remote-first, positioned around an “AI-led, Human-validated” model. Its services cover enterprise Web, mobile, API, and cloud security, continuous AppSec, red teaming, and compliance readiness, as well as Web3 scenarios such as smart contracts, DApps, wallets, and blockchain protocols. The official website states that it has served 200+ organizations and protocols, and lists SOC 2 Type II and ISO 27001 information.
In terms of protection coverage, CredShields is not a standalone scanner. Instead, it is a service-oriented platform that combines AI reconnaissance, automated attack techniques, senior human penetration testing validation, and signed reports. API security is the area it describes in the most detail, covering REST, GraphQL, gRPC, and WebSocket, with testing aligned to OWASP API Top 10 2023 risks such as BOLA, authentication bypass, resource exhaustion, GraphQL introspection, and JWT misuse. For deployment, its continuous AppSec offering can integrate with CI/CD, GitHub/GitLab/Bitbucket, Jira/Linear, and Slack, feeding findings into engineering teams’ existing workflows. For management and alerting, the materials mention severity-based routing, critical alerts to Slack, Jira tickets, compliance mapping reports, retesting, and quarterly reviews by senior engineers.
Its API testing pricing is relatively transparent: around US$18k–36k for 50–200 endpoints, US$36k–72k for 200–500 endpoints, and US$72k–150k for 500+ multi-protocol APIs. Delivery typically takes 2–3 weeks and includes one free retest within 90 days. The vendor also mentions that a typical 100–300 endpoint REST API starts at around US$14k, while REST + GraphQL starts at around US$20k. Its smart contract audit offering emphasizes 72-hour delivery, coverage for EVM/Solana/Rust/Move, and in-scope retesting, but the vendor does not provide full pricing for it.
The main strengths are broad coverage across both enterprise AppSec and Web3 security. Schema-driven API testing, undocumented endpoint discovery, reproducible PoCs, and compliance control mapping are all practical for both engineering and audit teams. The AI-plus-human-validation model can also help reduce false positives compared with purely automated tools. The downsides are that pricing is in USD and positioned more toward enterprise budgets, while many services still require custom assessment. CredShields One appears to be invite-only, so its openness is limited. The website also relies heavily on its own claims, with limited detail from third-party evaluations.
CredShields is better suited to SaaS, fintech, payments, healthcare, public-sector organizations, and Web3 protocols during launch, fundraising, audit, or continuous delivery stages. Clear information on access from China, payment methods, Chinese-language support, and local compliance adaptation is not readily available, so it is worth assessing network connectivity, contract payment arrangements, and cross-border data requirements in advance. Domestic alternatives in China may include QiAnXin, DBAPPSecurity, NSFOCUS, and Venustech; for Web3, it can be compared with Hacken, Trail of Bits, OpenZeppelin, CertiK, and similar providers.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, credshields.com.
credshields.com is an Unknown Cybersecurity provider. TG4G tracks its product information, an overall rating of 9.0/10, and a China-accessibility score of Workable.