
Helping businesses secure their web apps

The status quo in the cyber-security industry is that most small businesses can’t afford a security solution, and any attempt to become more secure is either drowned in technical jargon or priced far out of reach. To change the way businesses deal with security, this status quo has to be challenged.

Having this in mind, a few days ago we released a new free plan. This plan will provide some basic but valuable web vulnerability scanning of your web application, i.e., it will scan your web app for some security issues, report the findings and give guidance on how to fix them.

Free as in beer

Why did we release a free plan?

This may sound cliché but, here at Probely, we want to make web security more accessible and affordable to every business. We often see security being under-prioritized (especially in small businesses) due to low budgets and lack of resources. So, we wanted to encourage businesses to take their first step towards securing their Web Apps, regardless of their budget or size.

It’s 2018 and we still see companies struggling with applying security best practices and implementing an application security program. A lot of businesses haven’t even done the basics, and we want to change that.

For all I know, I might be one of your customers. In that case, you are storing my data, either my personally identifiable data or data about my business. So it’s also very much in my interest that you take security into account when developing your product.

So, what does the free plan include and what value can you get from it?

Probely’s free plan is the first step you can take towards securing your Web App. It includes what we call a lightning scanning profile. The lightning scanning profile only looks for a subset of vulnerabilities, such as the ones related to SSL/TLS, cookie flags, and security headers. Since the scanning profile is fast to execute (all tests take less than a minute), you can include it in your CI/CD pipeline in blocking mode. You can use our API to set that up.

Even though it only looks for a subset of vulnerabilities, it is very important for getting the basics right.
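As an added illustration (not Probely’s code or scanner logic) of the kind of header-level check this profile performs, the script below audits a constructed HTTP response for missing security headers and for cookies that lack the Secure, HttpOnly and SameSite attributes, and exits non-zero when it finds anything, which is what “blocking mode” in a CI/CD pipeline amounts to. The baseline list of required headers and the sample response are assumptions made for the example.

```python
# Added example (not Probely's code): checks the header-level basics the text
# mentions, cookie flags and security headers, over a constructed HTTP response.
import sys

# Assumed baseline of security headers an HTTPS web app should send.
REQUIRED_HEADERS = {
    "strict-transport-security": "HSTS missing: browsers may still accept plain HTTP",
    "content-security-policy": "CSP missing: no browser-side mitigation for XSS",
    "x-content-type-options": "X-Content-Type-Options missing: MIME sniffing allowed",
    "x-frame-options": "X-Frame-Options missing: page can be framed (clickjacking)",
}
# Attributes every cookie that carries session state should have.
REQUIRED_COOKIE_FLAGS = ("secure", "httponly", "samesite")

def parse_response(raw: str):
    """Return (status line, [(lower-cased name, value), ...]) from a raw HTTP/1.1 response."""
    status, *lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")  # header block only
    pairs = (line.partition(":") for line in lines)
    return status, [(name.strip().lower(), value.strip()) for name, _, value in pairs]

def audit_headers(raw: str) -> list:
    """Return human-readable findings; an empty list means the basics are in place."""
    _, headers = parse_response(raw)
    present = {name for name, _ in headers}
    findings = [msg for name, msg in REQUIRED_HEADERS.items() if name not in present]
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie = value.split("=", 1)[0].strip()
        # attributes follow the name=value pair, ';'-separated and case-insensitive
        attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
        for flag in REQUIRED_COOKIE_FLAGS:
            if flag not in attrs:
                findings.append(f"cookie '{cookie}' lacks the {flag} attribute")
    return findings

# Constructed sample: HSTS and CSP set, two headers missing, one weak cookie.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)

if __name__ == "__main__":
    problems = audit_headers(SAMPLE_RESPONSE)
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)  # non-zero exit blocks a CI pipeline stage
```

Running it against the sample reports the two missing headers and the two missing attributes on the `session` cookie, while the `theme` cookie passes.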

Why is it important to fix these basic vulnerabilities?

To answer this question we need to think like a hacker would. When I do penetration testing, within the first 10 minutes of work I already have a sense of whether I’m likely to find something good or going to have a hard time finding anything at all. Why is that? Once I see that the first few basic steps toward a secure Web App haven’t been taken, I get a pretty good idea of how much the company cares about security. If your Web App doesn’t even have the basics implemented, can you guess what the chances are of finding something more critical down the road?

These days, hackers hack for profit. There are usually three modi operandi:

  • They have information about a vulnerability in some version of a widely adopted piece of software, scan the entire internet for businesses that run that version, and hack those companies. This is the most common scenario.
  • They were paid to attack a specific business (e.g. a competitor). This is not as common as the previous case, but I’ve witnessed a couple of cases recently.
  • They surf the web looking for easy targets that fit certain criteria (e.g. have valuable assets). In that case, guess what? If they stumble on your site and you don’t even have some of the basics implemented, they’ll identify you as a potentially easy target. But if a hacker sees that you are taking security into account, they’ll move on to the next target, hoping it will be easier than yours. If they hack for profit (as most hackers today do), from a business perspective, doesn’t it make sense for them to spend their efforts on easy targets?

In short: because hackers usually go after easy targets, even a slight improvement in your security will lower your chances of being hacked. Keep in mind, however, that Probely’s free scans are just a start and are not sufficient on their own for securing your web app.

If you’re still reading, it means that you’re on a good path: you’re interested in improving the security of your Web App. So, what do you do now?

  1. You can get started with scanning your website for some basic vulnerabilities here, and use Probely’s guidance on how to fix them.
  2. You can learn more about cyber-security. Here are some suggestions:
     • This one will introduce you to different solutions for testing your security
     • And this one will teach you more about Web Security testing

If you have any questions, or want to get our advice on security, do not hesitate to contact us. We are always willing to help!