Wouldn't it be great if you could just install security as those scanners promise?
In reality, you know that security takes time. There are new types of attacks, software vulnerabilities and browser changes every month. You and your team find security problems, and they need fixing.
And that's only to keep up. There's no time left to think about strategies. Or to implement that useful security feature that you saw somewhere. But is it worth it? And can we get it right the first time around?
Security has many facets:
But where to start? Where are the current weak points? And what should be my next steps? Wouldn't it be great if these things sort of took care of themselves? At least to some extent?
Together we'll improve all the different aspects of security, month by month. Realistically, you're in the middle of something right now, and more big to-do items are the last thing you need.
I'll make it as easy as possible for you to keep up with security and increase security according to your vision.
You've spent a lot of time on security already, and you're pretty confident it's not bad at all. The automatic security test tool reports no significant problems. Everything works and you could do this all by yourself, so why do you need someone else?
Because you and your team discuss, learn about, keep up with and test security only a couple of times a year. This service could step that up to monthly and make it a high priority. And it won't interfere with business as usual.
Do you think security is part of the long-term success of your web application? Then we're on the same page.
I'll keep up with security for you, review pull requests with a security hat on and run all useful automatic tests. I provide code, guides and advice so that you can make informed decisions. We'll launch the changes with your team and keep you updated. I'll also maintain security documentation and awareness together with your team.
Heiko Webers here. I'm a developer, trainer and white-hat hacker, working with Rails security since 2007. I'm running a small business and SaaS applications, just like you. So I generally understand the challenges and possibilities.
I wrote the original Rails security guide and started the Rails Security Project. In 2015, I wrote another book, the Rails security strategy. I've conducted countless Rails security audits for many well-known Rails applications, and you'll benefit from that experience as well.
This is aimed at long-term success. You and your team keep all the knowledge that you get during this project. Security audits give you an overview of where the weak points are right now. But I know that the job isn't done with a report. So I'm making myself available to deliver the best possible result at a far lower price point than my usual day rate.
I'll spend time every month reviewing security in the code changes. Ideally, we'd start with a security audit to know the current weak points, but that's not a must.
...for all relevant security topics, from beginner to advanced stage. New and current team members will be on the same page quicker.
We'll develop "this is how we do security here" foundation rules with your team.
Every month there is security news, along with software updates, new vulnerabilities and browser changes.
I'm running all useful automatic security test tools and will develop more for your needs.
Your personal security dashboard with reports and results for every month.
Want me to evaluate an approach, or have a question? Mention me on GitHub or add me to your messenger.
This is for you if any of this sounds like you:
If you run a bigger business, I assume you already have someone on staff to take care of this. If not, please get in touch and we'll figure something out.
Talking to us is risk-free.