Founder Interview: Defencely.com
How secure is your website? The problem is that you will never know until the security has been breached. The past few months have seen cases galore of big-name firms like Adobe succumbing to hack attacks. Many startups fail to see security as a critical asset while building up, in the midst of attaining growth through ever-changing models. Often, this initial oversight comes back to bite when the stakes are much higher. Defencely is a startup that offers Security as a Service to keep websites safe from threats. Ritesh Sarvaiya (Founder) explained the service in more detail.
Security is something that comes to mind post-mishap rather than as a preventive measure – if I am running an online business, what are the dangers that I don’t know about (or know about but underestimate)?
Well, if you’re talking about running an online business, then there could be lots of bugs, vulnerabilities, or flaws in the site, code, pages, server, or even in the database. The most common vulnerabilities are SQL Injection, XSS (Cross Site Scripting), CSRF (Cross Site Request Forgery), Authentication Flaws, Code Injection, etc. Vulnerabilities like SQL Injection can entirely take your business database, such that an attacker can also completely take over the host. XSS is one of the most common flaws in websites. Authentication flaws are common and most dangerous for online businesses. Apart from this, there are also Zero Day Threats and Web Server Vulnerabilities: 0 Day Vulnerability is a field that allows us to sniff any threats that are already existing in a company’s website. If you have decided to create an online company, be it a mere blog or a website, stick to it. Never ever give up, no matter how much time and effort it takes. Your failures will be teaching you valuable lessons that you are not supposed to repeat later on.
Recently MongoHQ’s security was breached – a common theme that emerged in tech forums was that for startups, with continuously changing models & stacks, security takes the least priority. As a result a lot of vulnerabilities keep creeping in until it is too late – your thoughts?
MongoHQ’s database was hacked, and users’ e-mail addresses, hashed password data, and other account information were exposed to hackers. That was due to poor security on their database that leads to Database Injection Vulnerabilities. Hackers just look for a small security hole and exploit it through different attacks; the more dynamic you make your website, the more it will get loaded with code, so obviously there could be more chances of getting vulnerable. That was their pretty mistake; we should also look for business security. I guess the best way to get started is to hire an online security company. There are some companies, such as Defencely, that don’t charge a lot to their trial level users. In fact, if I talk about Defencely in particular, you can scan any number of pages without any limitations whatsoever; this is an opportunity that many entrepreneurs are rarely afforded.
Defencely has a pool of highly experienced Security Researchers. We offer businesses Security as a Service to keep their websites safe from hacks, attacks, and vulnerabilities. Defencely keeps you secure 24/7 through Manual Cloud Penetration testing. Our rich experience is derived from working for top security companies and businesses in the internet world. Defencely’s researchers keep your website up to date, fully protected against well-known vulnerabilities and Zero Day threats. Our talented researchers analyze for code flaws, vulnerabilities, bugs, threats, etc. Let’s say, during development phases, the developers accidentally created a script, or left behind trails of a sensitive file directory that no one, except for the attacker, is aware of. In this scenario, our job is to detect that particular vulnerability and point it out as soon as possible. Of course, it is the sole consent of the company owner whether he wants to have the issue fixed or not.
The rest of our services are inclusive of, but not limited to:
Session Management Tests
Website Structure Analysis & Recommendations
XSS Vulnerability Testing
Could you also detail who your customers are: B2B/B2C, India/Rest of World?
To date we’ve had lots of B2B Customers and Consumers from US, UK, Australia, Canada, India, etc. Giant companies like Google, Facebook, Zynga, Github, Ifixit, RedHat, Gallery, Apple, barracudalabs, Zendesk, Nokia, Yatra, Reliance, Aircel, etc. are our B2B Customers. I’m proud to say that Defencely is also awarded by listed companies. We did a lot of work to report vulnerabilities to big IT giants in North America. What was the cumulative result of this effort? Today companies such as Apple, RedHat, SoundCloud, ZenDesk, Google, Microsoft, Ebay, redhat and many others have acknowledged our services at their dedicated Hall of Fame page for security analysts.
Who is the team behind Defencely and how have you grown since starting?
Defencely is purely my brainchild. I have a couple of experienced advisors on board, and one of them is Yaakov Yehudi. As I mentioned above, Defencely has a pool of talented Security Researchers. Currently we are working with a huge group of Security Researchers. Our team is well known and educated in Information Security. Our beginning was not that great, but slow and steady we won the race. I will never be able to forget April 25, 2013 as the day when this first Indian Manual Pentesting online security company was founded. It was thousands of email collaborations, hundreds of hours crunched in, and that’s how Defencely came to be.
How this company is different from other companies is an interesting account of our services.
For instance, Defencely provides solutions to patch up vulnerabilities in your website. How rare is that? Today, there are tons of security websites that are housing such services, but it is sad to see that they are doing it with the help of automated scanners. Such service providers are only good for detecting vulnerabilities and that’s about it. If you ask them for solutions, they will be oblivious to them.
Defencely is offering a complete scanning process that’s 90% based on manual scans.
We do rely on software assistance, but we keep it to a minimum. As soon as we have detected something, we notify the clients of it. From then on, it is a confidential process to help them strengthen their security without any hitches. Our competitive edge also lies in the fact that we are among very few who can point out Zero Day vulnerabilities.
What is your one tip for aspiring Entrepreneurs?
Entrepreneurship is a subject which cannot be taught. But there are some individuals who have risen above normal people and become one of the influential forces bringing some change in society. The first tip of all is: Never prioritize money – it creates problems rather than solving them. Trust me, because as a CEO I know what money really means. Your best interests should remain at keeping your clients, online visitors and buyers engaged. Entrepreneurs especially overlook the importance of online security because they think that once a website has been made, it is completely hack proof. To a lot of entrepreneurs, the term “hacking” signifies Email or Credit Card hacking. Well, my dear friends, hacking has evolved; in itself it is a million dollar business.