Hacker News new | ask | show | jobs
Ask HN: review my startup ironode.com (simple/automated security testing)
16 points by bandhunt 5679 days ago
http://www.ironode.com

Hey guys, please checkout my MVP security testing app (ironode.com); it crawls your site for open web exploites (sql inject, xss, xsrf etc..). I've allocated 30 free accounts for HN users - I'll add more as we finish the scans for people.

Questions:

  1. Would you use this service?  
  2. Would you pay for it?
Any feedback is greatly appreciated!!

Thanks guys!
5 comments
iworkforthem 5679 days ago
Does it cover the vulnerabilities listed in OWASP Top 10 for 2010?

http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Projec...

It would be useful if you can illustrate how IronNode can cover these vulnerabilities.

Why is it a must for new user sign up to be restricted to just that domain? Who are you targeting? Ok, if I have just one domain. But if I manage multiple domains for my clients, and it's not possible for me to setup email for those domains. I guess I can't use your service. I think Google Webmaster Tools took the right approach to allow users to add domain instead.

link
bandhunt 5679 days ago
Thanks for the feedback. We'll add the google type confirmation in the future.
link
deutronium 5679 days ago
It sounds a cool idea, and I'll be interested to see the results. I just signed up and received a confirmation link:

When I clicked it I got:

Resend confirmation instructions 1 error prohibited this user from being saved:

    * Confirmation token is invalid
Edit: I'm using Evolution for my email, when I looked at the HTML and copied the URL out and used that, it worked :)
link
bandhunt 5679 days ago
Cool. Thanks for the feedback! I'll take a look in evolution.
link
shadowpwner 5679 days ago
Another method of confirmation (see what Google does with analytics/webmaster tools) would be great. I couldn't be bothered to make an email account for my website, even though most companies should have one..
link
iworkforthem 5679 days ago
clickable: http://www.ironode.com
link
pinksoda 5679 days ago
It's automated, but we have to wait 5 days for it? That's a deal breaker for me.
link
bandhunt 5679 days ago
That's just for now. We're manually running the scans to monitor the results as they come in. After our beta, scan results will be viewable in less than a day.
link