
Sqreen wants to become the IFTTT of web app security



French startup Sqreen recently launched a Security Hub with dozens of plugins to put you in control of the security of your web app. In many ways, it feels like enabling tasks on popular automation service IFTTT.

Sqreen participated in TechCrunch’s Startup Battlefield and Y Combinator’s current batch. The vision of the product hasn’t changed. Sqreen lets you protect your web service with little effort from your side.

Big companies have dedicated security teams that protect services, try to run attacks to find weaknesses and more. Smaller companies don’t necessarily have enough time and money to build a dedicated team. But your product is still vulnerable to SQL injections, XSS attacks and brute-force attacks.

Sqreen isn’t a firewall. You just have to install a library package on your server and add a couple of lines at the top of your source code to require the Sqreen module in your application.

Once this is done, Sqreen monitors attacks in real time without a big performance hit — the startup says there’s a 4 percent CPU overhead. Sqreen now works for web apps in Node.js, Ruby, PHP, Python or Java.

In addition to protecting you against common attacks, Sqreen makes security recommendations so that you can regularly fix vulnerabilities. And with GDPR coming soon, tech companies have a greater responsibility when it comes to protecting customer data and disclosing hacks.

Customers wanted to know more about what Sqreen was doing. That’s why Sqreen launched a security hub with documented plugins.

“All security vendors are very secretive,” Sqreen co-founder and CEO Pierre Betouin said. “Usually, you can’t test the product and you have no information on what they do. We were like this at the beginning of Sqreen. Our positioning was really ‘install our library and we’ll cover a range of security features.’”

“We had a big push back. So we wondered how we could be more transparent, provide something more rational. We explain each plugin completely.”







You can find a plugin to protect you against SQLite injections, vulnerable dependencies, XSS JavaScript injections in various frameworks, bot activity, etc.

Sqreen will recommend plugins for your app depending on the technologies and frameworks you’re using. You can then enable or disable each plugin and configure notifications on Slack or PagerDuty for instance.

In the future, you can imagine that third-party companies could contribute to this marketplace and add new plugins. Sqreen is also working on other plugins related to email abuse and payment page protection.

In addition to those new features, Betouin is moving to San Francisco and opening an office there. Companies like Front, Mindbody, BlaBlaCar, Triplebyte, Toptal and Algolia are now using Sqreen.
