I'm about to soft-launch a simple CRUD app (knowledgebase tool), and I'd like to have some_one_ or some_thing_ try to hack it.
It does not necessarily have to be bulletproof - nothing ever is - but I want to make sure I'm protected against many/most/all automated types of attacks, whether they be SQL injection, XSS, SSL/TLS, etc.
Does that exist?
My ideal would be something like the automated car wash pricing -- $25 for the Basic check, $40 for Premium, $50 for Premium+.
Maybe it's one-time, maybe it's ongoing, etc.
Thanks.
intruder.io seems to tick your boxes
I think this is a great idea, I would go with a fee per single test coupled with an optional recurring service that spits monthly reports. The same test but one is on auto-pilot.
I looked into getting a very basic pen test years ago for a SaaS and the pricing was through the roof, it was all very techy and it was off-putting so I never engaged anyone.
Now if you have a front end and a real back end, and you have customer info, etc., it would be great to know that you were safe from hacking by anyone short of a real serious pro or state actors, etc. The thought crosses your mind when you get really private info handed to you like my SaaS did, and more than that, once it starts making money it would be a disaster if someone came along and wrecked it or ransomed it, etc.
The questions people will pay to get answered are: Am I hackable, Am I being hacked, and Have I been hacked. There is also "I am being hacked" but you could suggest companies likely to provide a fix rather than be on the hook for fixing it yourself.
I would add a huge disclaimer about the limits of the service and how you are making a good-faith effort but not offering any guarantee and you are only looking for things like x, y, and z.
Check out Detectify for just-in-time or continuous pentesting.
What’s your tech stack? A pentest of any value costs $1000s, but there may be some static analysis tools that do the basics for free.
Mostly Laravel/PHP at the moment.
If a pentest of any value costs $1000s, then that's my next project. :-D
Ah, I'm not aware of any tools for Laravel. You might find some general PHP utilities here, but I'm not sure of the quality: https://github.com/exakat/php-static-analysis-tools
Lol. Give it a shot! Lots of enjoyable ways to make money in security.