11 comments

[ 2.9 ms ] story [ 35.3 ms ] thread
This is till a WIP, but still pretty useful, all comments are welcome
My company uses http://appcanary.com and recently GitHub has introduced a similar feature https://github.com/blog/2470-introducing-security-alerts-on-...
I searched and I did not know about them. Thanks for letting me know. These are actually the first paying service I have seen on this (at least the server side, I had seen it for webapps).

I'll probably start out with Java/Scala on the webapp side and on the server side I'm thinking of an easy to use support for Kubernetes and Rancher OS. If that's more around your ally subscribe there on the website or here.

I'm curious on what is your company, regardless, any pain points that you might have noticed while using AppCanary, or suggestions on SecureIT?

Usually they would like to install a daemon which checks local packages and all Gemfiles for example. The problem would be in ensuring that the daemon does not misbehave. A solution which gets integrated into a CI/CD pipeline would not have this problem but it would not be able to provide assurance on the integrity of the base system, only the artefact (deliverable).
CI/CD or even the CVS repository (Git e.g.) - as a hook or with full access is on the lines I'm thinking about. Thanks & Cheers!
It would be nice if the home page had some kind of an example page or report. I don't want to sign up for something if I don't know how it works first.
Hi!

You don't need to sign up to use the app. The 'try it' mode allows you to generate and see the reports without signing up. To setup the alert though, you will need to input an email. But you're right, it should show the process upfront. That explanation is on the works and will be on the next version of the frontpage and/or the TryIt part.

Meanwhile you can set a phony email although you won't get the email with the alert of course to see how the process works. But I would love to know what you thought of it through the chat or here.

The link to the try it mode is: https://beta.secureit.io/tryit (or click above)

Cheers

This is actually an idea I had started working on, but specifically for PCI requirement 6.2 in conjunction with some kind of automated threat analysis.

If I can list every software used in the card processing environment and get automated alerts fired straight into my ticketing system to create an event, this would be good.

Hmm, interesting. Automated threat analysis, how exactly would that work? Like the configuration OVALs? If I'm not mistaken Red Hat has quite the support via OVALs to some of the PCI requirements.

Regarding the card processing environment, what does that usually consist of? Linux servers?

You can reply to info@ SecureIT or here. I'm interested in knowing more.

Cheers

It might be useful, but I am finding it pretty hard to understand what it is from the landing page. I would suggest putting the message there clearer.
yup, yes, definitely going to. Even the secureit.io is not very clear on it. If you have any more insights let me know. Cheers