I have been using sqreen for the last 5 months. It has possibly been the best addition to our stack. It helps us identify users who keep trying an incorrect password and to proactively send them a password reset email with info that they have unsuccessfully tried to login. Or to identify users who login from multiple ips in disparate geographical areas (a compromised user possibly). One of the greatest uses has been to mitigate the vulnerability scans which are constant and consistent. Since our app is a bit long in the tooth, we have not had the time or the opportunity to circle back and properly pay off our technical debt. Sqreen makes sure that we have some decent p[protection without a lot of overhead or maintenance.
What we spend for the subscription far outweighs what I would have had to spend to implement this. In short, a great investment.
> It helps us identify users who keep trying an incorrect password and to proactively send them a password reset email with info that they have unsuccessfully tried to login.
It's fascinating to see our users come up with such interesting solutions!
> Since our app is a bit long in the tooth, we have not had the time or the opportunity to circle back and properly pay off our technical debt
At Sqreen we're very pragmatic and while we'd dream to see everyone be up to date we realise that this cannot realistically be the case - and even futile in face of zero day vulns. Thrilling to see it put to good use :)
What we spend for the subscription far outweighs what I would have had to spend to implement this. In short, a great investment.