The SaaS CTO Security Checklist

Today we are really excited to launch The SaaS CTO Security Checklist.

The idea for the SaaS CTO Security Checklist came after talking to tens of startup CTOs. Most CTOs today have a software engineering background but have only limited knowledge about securing applications at scale. The goal of this checklist is to provide a basic go-to resource to solve that issue. This is a checklist that all SaaS CTOs (and anyone else) can use to harden their security. Security shouldn’t feel like a chore.

The checklist introduces several categories of topics:

  • Your Company
  • Your Employees
  • Your Infrastructure
  • Your Code
  • Your Application
  • Your Product Users

We differentiated the items by company stage to give a level of importance to every topic.

Here is a selection of some of the topics we cover:

  • Have an internal security policy
  • Restrict internal services by IP addresses
  • Protect your application from DDoS attacks
  • Enforce a secure code review checklist
  • Use a Static Security Code Analysis tools
  • Use a real-time protection service
  • etc.

This list is far from exhaustive, incomplete by nature since the security you need depends on your assets.

Feel free to share your thoughts and contribute to the Github repository.

1
Leave a Reply

avatar
1 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
0 Comment authors
Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
trackback

[…] Back in 2016, we talked to a lot of SaaS CTOs to put together our SaaS CTO Security Checklist. In the preceding three years, there have been some evolutions and new wrinkles in the security space that SaaS CTOs need to be aware. So we buckled down and put together a second edition of the checklist (now available!). The SaaS CTO Security Checklist, Second Edition covers the latest best practices for taking the first steps towards building a strong security foundation. From processes to culture to tooling, these best practices can help you get started on security, or help… Read more »

You May Also Like