

Ask HN: review my startup ironode.com (simple/automated security testing)  - bandhunt

http://www.ironode.com

Hey guys, please check out my MVP security testing app (ironode.com); it crawls your site for open web exploits (sql inject, xss, xsrf etc.).
I've allocated 30 free accounts for HN users - I'll add more as we finish the scans for people.

Questions:

  1. Would you use this service?
  2. Would you pay for it?

Any feedback is greatly appreciated!!

Thanks guys!
======
iworkforthem
Does it cover the vulnerabilities listed in OWASP Top 10 for 2010?

[http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Projec...](http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)

It would be useful if you can illustrate how IronNode can cover these
vulnerabilities.

Why is it a must for new user sign up to be restricted to just that domain?
Who are you targeting? Ok, if I have just one domain. But if I manage multiple
domains for my clients, and it's not possible for me to set up email for those
domains. I guess I can't use your service. I think Google Webmaster Tools took
the right approach to allow users to add domain instead.

~~~
bandhunt
Thanks for the feedback. We'll add the Google-type confirmation in the future.

------
deutronium
It sounds a cool idea, and I'll be interested to see the results. I just
signed up and received a confirmation link:

When I clicked it I got:

Resend confirmation instructions 1 error prohibited this user from being
saved:

    * Confirmation token is invalid

Edit: I'm using Evolution for my email, when I looked at the HTML and copied
the URL out and used that, it worked :)

~~~
bandhunt
Cool. Thanks for the feedback! I'll take a look in Evolution.

------
shadowpwner
Another method of confirmation (see what Google does with analytics/webmaster
tools) would be great. I couldn't be bothered to make an email account for my
website, even though most companies should have one.

------
iworkforthem
clickable: <http://www.ironode.com>

------
pinksoda
It's automated, but we have to wait 5 days for it? That's a deal breaker for
me.

~~~
bandhunt
That's just for now. We're manually running the scans to monitor the results
as they come in. After our beta, scan results will be viewable in less than a
day.

