Ask HN: SaaS boostrappers what does your security stack look like?

6 points by auspex ↗ HN

4 comments

[ 3.6 ms ] story [ 22.8 ms ] thread
I’m a SaaS bootstrapper. What do you mean with “security stack”? Security is layered into all components of the tech stack. It is not a discrete part of the stack.
For example: OpenVAS for vulnerability scanning on the VMs. Clair for container image vulnerabilities, OSSEC for IDS etc.
Aha, you mean dedicated security scanning / intrusion detection systems.

I use none. I use static websites, Heroku and AWS Lambda for all work. So all of the network, vulnerability etc. worries are of loaded to the provider. No user data is stored on our backend: that’s all in Stripe and Auth0.

We encrypt some sensitive data (not PII) in the database and in flight.

I guess for now the use of various 3rd party services negates the need for dedicated “security stack” products. This might change in the future.

As a SaaS bootstrapper, zero security stack. I used the crypto package in go?

Absolute security (aside from standard protection of passwords) is at the bottom of my to-do list. It'd have zero impact on finding product market fit.