4 Comments

How do you make sure that you are keeping up with security for your technology stack?

We will be launching quite a big service soon, with one client. It’s a big client, a big project and a big contract.

I am setting up the servers, the applications, the accesses, etc. But one thing I am worried about is how to keep up with security. How do you keep track of zero-day exploits, patches that you need done, and security as you go?

  1. 3

    Hey @Mipmop, if you can be more specific about the application and the service provided, I think I'll be able to tailor my suggestions according to your specific needs.

    From what I understand, if you are worried about the security of the application, conducting vulnerability assessment and penetration testing at a regular interval of time is advised.

    Implementing DevSecOps into your development cycle will be a huge plus point since it eradicates a large number of vulnerabilities when the application is still in the development period. There are a lot of tools to integrate and perform scans.

    Another thing you should be doing is hiding the stack and server information from the public, which restricts the attacker from executing any framework or version-specific attacks.

    And like @anilkilic mentioned, never trust the user input. Implement input sanitization using a whitelist approach instead of a blacklist. Always monitor the traffic to find any suspicious activity.

    Wishing you all the very best with your first client!
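As an added example (not from the thread or any product mentioned in it) of the "hide the stack and server information" advice above, run as the kind of automated check DevSecOps pipelines use: audit a response's headers for product or version disclosure. The header names and sample values are constructed for illustration.

```python
"""Audit HTTP response headers for stack and version disclosure.

Added example, not from the original thread. Feed it the headers of a
response from your own service (for example from `requests`' `r.headers`)
and it returns the headers that announce the server, framework or version.
"""
import re

# Headers that commonly reveal the server, framework or language in use.
DISCLOSURE_HEADERS = {
    "server", "x-powered-by", "x-aspnet-version",
    "x-aspnetmvc-version", "x-generator", "x-runtime",
}

# Matches a version number such as 2.4.41 or 8.1 inside a header value.
VERSION_RE = re.compile(r"\d+\.\d+(\.\d+)*")


def audit_headers(headers):
    """Return a list of (header, value, reason) findings.

    `headers` maps header name -> value; names are compared case-insensitively.
    A finding is "version disclosed" when the value carries a version string,
    otherwise "product disclosed" (e.g. a bare "nginx").
    """
    findings = []
    for name, value in headers.items():
        key = name.lower()
        if key in DISCLOSURE_HEADERS:
            reason = "version disclosed" if VERSION_RE.search(value) else "product disclosed"
            findings.append((key, value, reason))
    return findings


def is_hardened(headers):
    """True when the response exposes neither product nor version information."""
    return not audit_headers(headers)


# Constructed sample responses: one leaky, one with the headers stripped.
LEAKY = {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3",
         "Content-Type": "text/html"}
HARDENED = {"Content-Type": "text/html",
            "Strict-Transport-Security": "max-age=31536000"}

if __name__ == "__main__":
    for header, value, reason in audit_headers(LEAKY):
        print(f"{header}: {value}  <- {reason}")
    print("hardened sample passes:", is_hardened(HARDENED))
```

Wiring `assert is_hardened(r.headers)` into a deployment test fails the build whenever a config change reintroduces a leaking header.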

  2. 2

    By choosing 'boring' technology. If you go with something that has been around for ages, it is less probable that new exploits appear.

    On the other hand, there are more possible exploits with the new shiny thing.

    Out of curiosity, what's your stack?

  3. 1

    Hey @Mipmop, a bit late to the party here, but we made a product that does exactly this. Enter your stack and we'll send you vulnerability notifications weekly that match your stack. Hope it's useful to you 👍. https://secalerts.co

  4. 2

    This comment was deleted 3 years ago.

    1. 1

      Thanks,
      Well, big in this context is “big” to me since I’m just starting out. It’s neither NSA nor local bank kind of big :)
      I’ll turn elsewhere, then, and see if I can get more advice.
