Hey HN, I built InfoSecList.com because I got tired of the way security teams evaluate tools. Every time we needed a new DAST scanner or pentest vendor, it was the same drill: Google around, read SEO-optimized listicles written by people who never used the tools, sit through 3-5 sales demos, and hope for the best.

InfoSecList is a directory of 90+ cybersecurity tools and services across 21 categories. Every listing gets two scores from practitioners:

- Market Score (1-5): industry adoption and brand recognition
- Value Score (1-5): actual value for money based on usage

You can browse by category (DAST, SAST, SCA, pentest services, bug bounty platforms, etc.), compare tools side-by-side, or look up alternatives to specific products.

A few things that might be interesting technically:

- Data lives in a Google Sheet, served via a PHP proxy as CSV, parsed client-side
- Pages are dynamic SPA-style but with clean URLs for SEO
- Each tool/alternative/category page generates its own structured data and meta tags from the CSV data at runtime
- No framework, no build step. Plain HTML, CSS, vanilla JS

No accounts, no gated content, no pay-to-rank. Happy to answer any questions about the approach or the security tool landscape.

Stack: Apache, vanilla JS, Google Sheets as CMS, Let's Encrypt

Follow-up Comment (if asked about data/methodology)

The scores come from a combination of:

- Gartner/Forrester positioning for Market Score
- Community sentiment (Reddit, HN, security forums) for both scores
- Direct practitioner feedback from CISOs and security engineers
- Pricing transparency and free tier availability for Value Score

We deliberately keep it simple with two 1-5 scores rather than trying to build a complex weighted system. The goal is to help someone go from "I need a DAST tool" to a shortlist of 3-4 options in under 5 minutes.

Open source tools like Nmap, OWASP ZAP, and Trivy tend to score 5/5 on Value. Enterprise tools like CrowdStrike and Mandiant score 5/5 on Market but lower on Value due to pricing.

Follow-up Comment (if asked about business model)

Right now it's free with no monetization. Long term we're considering:

- Featured listings (clearly marked, doesn't affect scores)
- Lead gen for vendors (opt-in only, buyer initiates contact)

We won't do pay-to-rank. The scores stay independent.

Any plans for ranking SIEM/SOAR/EDR or other defensive stuff?