
Show HN: Automated code security assistant for developers - eslamsalem
https://shieldfy.io
======
eslamsalem
Hello HN, It's my pleasure to introduce to you Shieldfy, a code security
assistant.

It started 10 years ago, back in 2010. I was a team leader in a small software
house, and we were building websites and applications for customers. One day I
woke up to a phone call from my manager saying that one of our websites had been
hacked. I jumped out of my bed and opened my laptop … yes, it's hacked. It was
a nightmare, I didn’t know where to start and almost lost my job back then.

The short story is that a hacker exploited a vulnerability in the website to
log into the admin panel and take control of the website.

I was devastated but I decided that I needed to learn more about security ..
being a developer without knowing how to secure your code is not enough. Two
years later I was in good shape and started to work as a security consultant
for development companies, especially to work with developers to strengthen
their code.

Here we come: in 2016 I decided to quit my job and start a cybersecurity
company. My dream was and still is to enable developers to write secure code, to
not face a disaster as I faced before. Are you crazy? That's what I heard from
everyone, my friends and colleagues: starting a security company .. in the MENA
region .. in Egypt! And not a security service, it’s a product, a technical
product.

I admit it was scary for me too. The economic situation and currency
devaluation pushed a lot of talent to leave the country and work abroad, and
those remaining are afraid to work for a startup. Luckily, I found 2 co-founders
who were my colleagues from my last company, and we incorporated the company
in Delaware, US, to implement credit card processing via Stripe. (Thank you
Stripe Atlas.)

After days and days of sleepless nights, we now have a minimum product we can
sell. We launched but no one came. OK, let us discover channels to market the
product. We listed the product on beta testing websites like BetaList and also
submitted it to Reddit, FB groups, Twitter .. everywhere. After a lot of hassle to
get the word out, we got some users, and one day I opened my email to find
confirmation of the first paid user.

From getting the first traction to the first paid user, to being accepted into the Cylon
accelerator in London, yay (after a lot of rejections from local
accelerators). But we couldn’t get a UK visa (rejected two times) and the
Cylon opportunity disappeared. And if that wasn’t enough, my two co-founders
decided to leave. There was not much money in the company back then, and churn
was very high. There weren’t any lights at the end of the tunnel.

But I felt the spark again inside me, I must not ever give up. I need to push
it further.

We changed the core product to focus more on finding vulnerabilities inside
the developer code. That’s the original goal, help developers to write more
secure code.

We also decided to focus on companies that have their own dev team in-house.
But I need money to continue ….

I pitched the company to 50+ VCs and angels and believe me that is a big
number here in Egypt, especially if you know that the total number of active
VCs in Egypt was lower than 20 VCs, and nearly no active angels. And the
answer was No, We need some traction, We need a lot of traction, You are a
solo founder now, Do you think you can build this technology?!!

My last pitch was to Arzan Capital, and I was very lucky because the venture
partner is an entrepreneur, he co-founded Jeeran, one of the first internet
portals in the MENA region. And guess what, he is a developer at heart and he
still writes code till now.

He was very interested in our product and after a couple of tough meetings
they decided to invest. That was it, I expanded my team to include some crazy
developers and security engineers like me, who believe we can build that
thing.

After a couple of months, we got more traction and we got into the 500 Startups
accelerator program, the first in the MENA region. It was a life-changing
experience interacting with well-experienced mentors coming from Silicon
Valley. We refined our idea, our technology.

And now I’m happy to announce our product, Shieldfy — Your virtual security
assistant.

That’s our story, I'm happy to answer any question regarding the product or
our journey.

------
TACIXAT
Which languages are supported? I went through a few pages on the site but
could not find the information.

~~~
eslamsalem
Now we support JavaScript and TypeScript in both frontend and backend (Node.js).

I am sorry if it's not clear on the website. I will definitely update the
website to make it clear. Thanks

------
jiveturkey
> both static & dynamic analysis

I very, very much doubt you are doing DAST. You should remove that claim or
provide more details.

~~~
eslamsalem
We are doing DAST but at a micro level to parse different syntax and features of
JavaScript (ES6,7,8). I think I will remove the claim till we provide more
context to avoid any type of confusion. Thanks.

------
branon
> Connect Shieldfy with your presonal or organization github account.

presonal -> personal

[https://shieldfy.io/how-it-works/](https://shieldfy.io/how-it-works/)

The page title is also not properly capitalized.

Good luck!

~~~
eslamsalem
Done, it's now fixed :). Thanks for the catch

~~~
majormjr
The screenshot of the GitHub message on the homepage has lower case 'i' as
well.

~~~
eslamsalem
Oops! I think we need to do a full QA on the website. Thanks again for
noticing this :) Will fix it today

------
Wolfmother
Really nice website. Good job! One thing which I noticed is that on my phone
(OnePlus 6T) the main text and CTA at the top of the page are not centered :/
Probably it's an easy fix :) Anyway, maybe you would like to introduce your tool
on my side project's website [https://owwly.com](https://owwly.com)

~~~
eslamsalem
Thanks for the catch, will fix it. Pretty interesting website, maybe I will
add Shieldfy later today.

------
hashamali
Very cool. How does this compare to Snyk? [https://snyk.io](https://snyk.io)

~~~
eslamsalem
Snyk is only focusing on dependency vulnerabilities (third-party
libraries). Shieldfy, on the other hand, detects both code and dependency
vulnerabilities. That gives you a better view of your code security.

------
notlukesky
Good luck. Will you add other login methods?

~~~
eslamsalem
Now we support login with GitHub. We are working on the integration with
Bitbucket and it will be released very soon.

GitLab is also on the product map, but we haven't specified a release date yet.

------
jiveturkey
what is an SQI injection?

[https://shieldfy.io/product/code-vulnerabilities/](https://shieldfy.io/product/code-vulnerabilities/)

looks like a typical SQL injection to me. how could someone typo that for SQI.
security product needs attention to detail ...

~~~
eslamsalem
I'm sorry about that, I think we tried so hard on the security engine itself
and forgot to pay attention to the frontend. You are totally right "security
product needs attention to detail". Will have it fixed today

------
jayfk
Where does package vulnerability data come from? Are you using your own
database?

~~~
eslamsalem
Yes, we use our own database. The data comes from publicly disclosed
vulnerabilities as well as some privately reported vulnerabilities from
internal sources.

