Building a SaaS as a solo founder. Enterprise companies have security teams, pentests, bug bounties. We have... hopes and prayers?
Curious how others approach this:
- Do you do any security testing before launch?
- Ever had a vulnerability reported? How'd it go?
- Bug bounty programs seem overkill for small products or are they?
Not looking for "just use Auth0" type answers. More interested in the practical stuff indie devs actually do (or skip and regret).
Comments
jqpabc123•2w ago
What I did as a solo SAAS founder over 25 years ago was radical and totally outside the box --- I wrote my own multi-threaded, multi- tenant web server and database.
Why?
Because the security of canned off the shelf all encompassing solutions was horrible at the time.
By doing this, I have nearly full control and can scrutinize, qualify and filter every single request made of my totally unique software. Nothing comes in or goes out without my approval. My main concern is an issue with the networking stack which I did not write.
After 25 years of being attacked on the open internet on a daily basis, my server security has never been breached to my knowledge. The main security issue I have is small scale denial of service type events which I handle by simply blocking the IPs.
jqpabc123•2w ago
Why?
Because the security of canned off the shelf all encompassing solutions was horrible at the time.
By doing this, I have nearly full control and can scrutinize, qualify and filter every single request made of my totally unique software. Nothing comes in or goes out without my approval. My main concern is an issue with the networking stack which I did not write.
After 25 years of being attacked on the open internet on a daily basis, my server security has never been breached to my knowledge. The main security issue I have is small scale denial of service type events which I handle by simply blocking the IPs.