Show HN: Web startup security is failing and we're fixing it - ScanMySite
http://www.scanmysite.net/

======
charliesome
I'm sorry but you can't fix 'failing Web startup security' with automated
scans. Automated scans are useless for finding all but the most trivial of
vulnerabilities.

There's almost no doubt in my mind that the only way to fix the situation is
with education. I think that if your goal is to fix poor security practices,
you should change your strategy to teaching developers how to be security
aware, rather than offering a service that merely pokes around for a few well
known vulnerabilities.

~~~
quesera
This is absolutely true.

BUT, there are charlatans armed with little more than nmap and a cursory
understanding of the output that sell themselves as penetration testers, for a
whole lot more than I assume this service will cost.

This, at least, is normalized, repeated, reported consistently, and history is
kept. That's worth something.

It's incomplete, but I assume at the price point, it will be more cost
efficient and trustworthy than the other options -- the most popular of which
is doing nothing.

Usual rant about false senses of security elided for brevity.

------
lucaspiller
At my company we've been looking into this. We've been in contact with a
security company who gave us a quote of £6k for what probably amounts to not
much more than a port scan. We've only got 4 VPSes, so this seems a bit crazy!
Keep up the good work, I want this now! :D

(Also the link to your other product
<http://www.mavitunasecurity.com/netsparker/> doesn't seem to work?)

~~~
fmavituna
Thanks! Please do not forget to register for beta so we can inform you.
Possibly we'll give lots of free scans during the beta as well :)

 _> (Also the link to your other product
<http://www.mavitunasecurity.com/netsparker/> doesn't seem to work?)_

Is it still not working for you? I just checked and it was up, and Pingdom
didn't report any downtime either; maybe a temporary issue on your side?

~~~
lucaspiller
Yup, I've registered! When are you looking to open the doors?

The link seems to be working now, thanks! I also signed up for a trial of
Netsparker so it'll be interesting to compare the two.

~~~
ScanMySite
The scanning and vulnerability detection mechanisms will be the same as those
used by Netsparker, which is already built, tested and in widespread use. What
we are currently building is the SaaS application that will host this. We are
aiming for a very early beta version some time in August.

------
fmavituna
It might have been better to link directly to the blog post:
http://www.scanmysite.net/blog/countdown-to-a-new-era-of-web-application-security
which explains more about the product.

If you have any questions / feedback, me and Tim (@ScanMySite) are happy to
hear.

------
meiji
Just wondering; how does this differ from products like StopTheHacker and
SiteLock (amongst others)? I mean, the idea is a solid one, but there's a few
players in this arena already.

~~~
fmavituna
Sites like those are generally in the business of seal-selling or doing very
light security checks.

Many of them will only report out-of-date vulnerabilities ( _quick & easy to
check_) or a limited set of very simple issues. Still a legit business,
obviously, though the benefits are limited. The best way to check this: request
a scan and watch your logs. Most of them won't even do a POST request. How can
you really check for vulnerabilities unless you test all the functionality in
a web application?

I guess we should explain this in our website to distinguish ourselves from
that pack.
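The log check described in the comment above, as an added example that is not code from the thread, from ScanMySite or from Netsparker: a short Python script that parses combined-format access log lines and reports, per client IP, whether the "scanner" ever sent a POST, how many distinct paths it touched and whether any request drew a 5xx. The log lines, the two scanner IPs and their User-Agents are constructed for the example; the threshold in `judge()` is an arbitrary assumption.

```python
"""Check from your own access log whether a scanner actually exercised the
application (submitted forms, crawled many paths) or merely fetched a few
pages.  Added example, not part of the thread or of any product named in it.
All log lines below are constructed, not real traffic."""
import re
from collections import defaultdict

# Apache/Nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample: 203.0.113.5 is a "seal" scanner that only GETs a few
# pages; 198.51.100.7 crawls the app, submits its forms and probes a query.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2012:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "SealScanner/1.0"
203.0.113.5 - - [10/Jul/2012:10:00:02 +0000] "GET /robots.txt HTTP/1.1" 404 210 "-" "SealScanner/1.0"
203.0.113.5 - - [10/Jul/2012:10:00:03 +0000] "GET /login HTTP/1.1" 200 1800 "-" "SealScanner/1.0"
198.51.100.7 - - [10/Jul/2012:11:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "DeepScanner/2.0"
198.51.100.7 - - [10/Jul/2012:11:00:02 +0000] "GET /login HTTP/1.1" 200 1800 "-" "DeepScanner/2.0"
198.51.100.7 - - [10/Jul/2012:11:00:03 +0000] "POST /login HTTP/1.1" 302 0 "-" "DeepScanner/2.0"
198.51.100.7 - - [10/Jul/2012:11:00:04 +0000] "POST /login HTTP/1.1" 200 1900 "-" "DeepScanner/2.0"
198.51.100.7 - - [10/Jul/2012:11:00:05 +0000] "GET /search?q=test HTTP/1.1" 200 3000 "-" "DeepScanner/2.0"
198.51.100.7 - - [10/Jul/2012:11:00:06 +0000] "GET /search?q=test%27 HTTP/1.1" 500 400 "-" "DeepScanner/2.0"
198.51.100.7 - - [10/Jul/2012:11:00:07 +0000] "POST /contact HTTP/1.1" 200 1200 "-" "DeepScanner/2.0"
198.51.100.7 - - [10/Jul/2012:11:00:08 +0000] "PUT /api/items/1 HTTP/1.1" 405 0 "-" "DeepScanner/2.0"
"""


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def scanner_coverage(text):
    """Per client IP: request count, HTTP methods used, POST count, distinct
    paths (query string stripped), 5xx count and User-Agents seen."""
    stats = defaultdict(lambda: {"requests": 0, "methods": set(), "posts": 0,
                                 "paths": set(), "server_errors": 0, "ua": set()})
    for r in parse_log(text):
        s = stats[r["ip"]]
        s["requests"] += 1
        s["methods"].add(r["method"])
        s["paths"].add(r["path"].split("?", 1)[0])
        s["ua"].add(r["ua"])
        if r["method"] == "POST":
            s["posts"] += 1
        if r["status"].startswith("5"):
            s["server_errors"] += 1
    return dict(stats)


def judge(s, min_paths=5):
    """Crude verdict (threshold is an assumption): a scan that never POSTs, or
    touches only a handful of paths, has not tested the app's functionality."""
    if s["posts"] == 0:
        return "shallow: no POST requests, forms never submitted"
    if len(s["paths"]) < min_paths:
        return "shallow: fewer than %d distinct paths crawled" % min_paths
    return "exercised forms and crawled %d paths" % len(s["paths"])


if __name__ == "__main__":
    for ip, s in sorted(scanner_coverage(SAMPLE_LOG).items()):
        print(ip, sorted(s["ua"]), sorted(s["methods"]),
              "POSTs=%d" % s["posts"], "paths=%d" % len(s["paths"]),
              "5xx=%d" % s["server_errors"], "->", judge(s))
```

Run it against a real log by replacing `SAMPLE_LOG` with the file contents and filtering on the scanner's IP or User-Agent; a client that shows only GETs and a handful of paths never submitted a form, so it could not have tested injection in form handlers regardless of what its report says.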

------
edd
Just so you know, your responsive design covers the request-invite submit
button when the browser goes below around 900px wide (using the latest Chrome
dev build).

~~~
ScanMySite
Thanks :) It seems we have some fine tuning to do.

------
edbloom
Looking forward to seeing this. Was only thinking this vertical is ripe for
someone to disrupt it with a more compelling service/price combo.

------
zalew
Signed up for beta. If well executed, it will succeed.

pssst: screenshot arrows don't work.

~~~
ScanMySite
Thanks for your feedback. The screenshot arrows seemed to work in all the
browsers we tested with. Can you tell us what browser you're using?

~~~
zalew
FF14 and Chromium 20

------
Fizzadar
Step 2 after securing your site is to keep it online :) Can't get it to load
:/

------
dns
Ferruh bro, very good project, congratulations :)

------
johnx123-up
OP: Please provide coupon or something for HN users

~~~
ScanMySite
I recommend that you join our beta programme. As Ferruh (@fmavituna) said,
we'll no doubt be making some attractive offers to beta users.

~~~
Torrents
Do you have a price-range in mind for when you go live?

~~~
ScanMySite
This is a topic that we're still hotly debating. Since we haven't yet been
able to fully gauge the level of interest and the size of our potential
market, it's hard to give a definite answer. But, we're very open to feedback.

------
taligent
I've been desperate for a site like this.

A few exist but are priced for corporations looking for PCI compliance. If you
can position yourself like a Pingdom or Pagerduty but for security you will do
really well.

Best of luck.

~~~
ScanMySite
Thanks. What you have said is exactly the rationale behind what we're building
- a move away from expensive and restrictive enterprise solutions toward
something that works (both operationally and economically) for smaller
businesses.

