Security is a big concern for developers. Yet even though our confidence in our app security is often low, nothing is really done to protect our data or customers. (Source here)
It’s a topic that my co-founder and I know well, after working ten years in the Internet Services security team at Apple. We always attributed this status quo to legacy security tools that are too complex, inefficient and made only for security folks.
Until now, Sqreen focused on building the most advanced and simple to use/install security solution. You can get started in just a minute, and your app will be automatically (magically?) protected against all the major threats.
Well, we were partially wrong with the approach. I’ll tell you why here.
Announcing your application security hub
Today, I’m excited to share that the original vision changed. Sure, you can still install and get protected in just a couple of minutes (and you can give it a try here) but you can also do a lot more!
We broke Sqreen down into a collection of security plugins that give developers full visibility and flexibility to cover their data and app against specific security threats.
A security plugin?
A security plugin is the combination of different elements:
- Signals
  - HTTP requests
  - Database queries
  - User authentications
  - etc.
- Triggers (a predefined condition matches)
  - A threshold passed
  - An anomaly
  - A peak
- Actions
  - Logging a stack trace
  - Blocking the DB query
  - Escaping the executable code
  - Post a webhook
  - Sending a notification (Slack / PagerDuty / Email etc.)
Every plugin comes with advanced documentation on exactly what Sqreen does in your app, what data is collected, etc.
And yes, you will soon be able to create your own plugins, triggers or actions 🙌
TechCrunch described it as the “IFTTT for security”, and that’s quite a good comparison!
How can it be used?
Well, you can do a lot with it!
Prevent data breaches
You can prevent data breaches by blocking attacks like Cross-Site Scripting (XSS), NoSQL injections, code injections and more.
Protect your customers
You can better protect your customers from data exfiltration, account takeovers or credential stuffing attacks.
Avoid sensitive business logic attacks
You can also use plugins to protect from business logic attacks like signup spam, shared accounts, bad bots or even custom business logic.
Become compliant
A lot of Sqreen plugins can help companies become compliant with frameworks or regulations like the OWASP Top 10, SOC2, GDPR or PCI.
And we’ve completed Y Combinator 🚀!
We are also super excited to have joined and finished the Y Combinator Winter 2018 batch!
These fast product iterations are only possible due to the steep learning curve we’ve experienced here.
We’re on a journey to make internet security accessible to everyone, and this is just the beginning.
As I said on stage at the YC demo day: “We are Sqreen and we make application security… Simple”
🚀