Ask HN: website security app (sanity check)
Hey HNers, I've received less than excited responses from friends about what I'm building and need a sanity check from you guys.
I've been working on some automated security testing software that would crawl and scan sites for open web exploites (sql inject, xss, xsrf etc..).
Initially I'd offer free scans to HNer sites and the bigger goal is to create a paid service.
Would you use this service?
Would you pay for it?
Do you have your security covered (ie don't need a 3rd party audit)?
Any tools that you currently use that are good enough for your needs?
Thanks guys!
13 comments
[ 2216 ms ] story [ 829 ms ] threadIf you are an expert in this domain, maybe you could have a cheap automated testing suite, and then offer a consulting service to help fix the security issues.
Email me (see my profile) and I'll give you free scans when I launch if you'd like.
And what sort of contract will you have in place for outages caused by the scanning, liability limitations, etc?
I absolutely think you could flourish with a service like this, but there are some kinks you'll have to work out.
I'd certainly be interested in the later, and even just hearing how you go about that.
Email me (see my profile) and I'll give you free scans when I launch if you'd like.
also, i think there are lots of players in this area.
Do you use any of other the other services?
I'm hoping to provide a more comprehensive service that is also much easier to use and therefore add enough value to make it a pay service.
How can one trust the security app which is offered as a service and believe that it will not do anything malicious? It is like storing my bank password and all credit card details in another thirdparty site. As a user I do not trust any thirdparty service which offers to store passwords. Similarly as a developer I do not trust any third party service over web for websecurity testing.