Show HN: Automated code security assistant for developers

shieldfy.io

64 points by eslamsalem 6 years ago · 21 comments

eslamsalemOP 6 years ago

Hello HN, it's my pleasure to introduce to you Shieldfy, a code security assistant.

It started 10 years ago, in 2010. I was a team leader in a small software house; we were building websites and applications for customers. One day I woke up to a phone call from my manager saying that one of our websites had been hacked. I jumped out of bed and opened my laptop … yes, it's hacked. It was a nightmare; I didn’t know where to start and almost lost my job back then.

The short story is that a hacker exploited a vulnerability in the website to log into the admin panel and take control of the website.

I was devastated, but I decided that I needed to learn more about security .. being a developer without knowing how to secure your code is not enough. Two years later I was in good shape and started to work as a security consultant for development companies, especially working for developers to strengthen their code.

Here we come: in 2016 I decided to quit my job and start a cybersecurity company. My dream was, and still is, to enable developers to write secure code, to not face a disaster as I faced before. "Are you crazy?" That's what I heard from everyone, my friends and colleagues: starting a security company .. in the MENA region .. in Egypt! And not a security service; it’s a product, a technical product.

I admit it was scary for me too. The economic situation and currency devaluation pushed a lot of talent to leave the country and work abroad, and those remaining were afraid to work for a startup. Luckily, I found 2 co-founders who were my colleagues from my last company, and we incorporated the company in Delaware, US, to implement credit card processing via Stripe. (Thank you, Stripe Atlas.)

After days and days of sleepless nights, we now had a minimum product we could sell. We launched, but no one came. OK, let us discover channels to market the product. We listed the product on beta testing websites like BetaList and also submitted it to Reddit, FB groups, Twitter .. everywhere. After a lot of hassle to get the word out, we got some users, and one day I opened my email to find confirmation of the first paid user.

From getting the first traction to the first paid user, to being accepted into the Cylon accelerator in London, yay (after a lot of rejections from local accelerators). But we couldn’t get a UK visa (rejected two times), and the Cylon opportunity disappeared. And if that wasn’t enough, my two co-founders decided to leave. There was not much money in the company back then, and churn was very high. There wasn’t any light at the end of the tunnel.

But I felt the spark again inside me, I must not ever give up. I need to push it further.

We changed the core product to focus more on finding vulnerabilities inside the developer's code. That’s the original goal: help developers to write more secure code.

We also decided to focus on companies that have their own dev team in-house. But I need money to continue ….

I pitched the company to 50+ VCs and angels, and believe me, that is a big number here in Egypt, especially if you know that the total number of active VCs in Egypt was lower than 20, with nearly no active angels. And the answer was: No. We need some traction. We need a lot of traction. You are a solo founder now. Do you think you can build this technology?!!

My last pitch was to Arzan Capital, and I was very lucky because the venture partner is an entrepreneur; he co-founded Jeeran, one of the first internet portals in the MENA region. And guess what: he is a developer at heart, and he still writes code till now.

He was very interested in our product and after a couple of tough meetings they decided to invest. That was it, I expanded my team to include some crazy developers and security engineers like me, who believe we can build that thing.

After a couple of months, we got more traction and we got into the 500 Startups accelerator program, the first in the MENA region. It was a life-changing experience interacting with well-experienced mentors coming from Silicon Valley. We refined our idea, our technology.

And now I’m happy to announce our product, Shieldfy — Your virtual security assistant.

That’s our story, I'm happy to answer any question regarding the product or our journey.

TACIXAT 6 years ago

Which languages are supported? I went through a few pages on the site but could not find the information.

  • eslamsalemOP 6 years ago

    Now we support JavaScript and TypeScript in both frontend and backend (Node.js).

    I am sorry if it's not clear on the website. I will definitely update the website to make it clear. Thanks

jiveturkey 6 years ago

> both static & dynamic analysis

I very, very much doubt you are doing DAST. You should remove that claim or provide more details.

  • eslamsalemOP 6 years ago

    We are doing DAST, but at a micro level, to parse different syntax and features of JavaScript (ES6,7,8). I think I will remove the claim till we provide more context to avoid any type of confusion. Thanks.

branon 6 years ago

> Connect Shieldfy with your presonal or organization github account.

presonal -> personal

https://shieldfy.io/how-it-works/

The page title is also not properly capitalized.

Good luck!

Wolfmother 6 years ago

Really nice website. Good job! One thing which I noticed is that on my phone (One plus 6t) the main text and CTA at the top of the page are not centered :/ probably it's an easy fix :) Anyway, maybe you would like to introduce your tool on my side project's website https://owwly.com

  • eslamsalemOP 6 years ago

    Thanks for the catch, will fix it. Pretty interesting website, maybe I will add Shieldfy later today.

hashamali 6 years ago

Very cool. How does this compare to Snyk? https://snyk.io

  • eslamsalemOP 6 years ago

    Snyk focuses only on dependency vulnerabilities (third-party libraries); Shieldfy, on the other hand, detects both code and dependency vulnerabilities. That gives you a better view of your code security.

notlukesky 6 years ago

Good luck. Will you add other login methods?

  • eslamsalemOP 6 years ago

    Now we support login with GitHub. We are working on the integration with Bitbucket, and it will be released very soon.

    GitLab is also on the product map, but we haven't specified a release date yet.

jiveturkey 6 years ago

what is an SQI injection?

https://shieldfy.io/product/code-vulnerabilities/

looks like a typical SQL injection to me. how could someone typo that for SQI. security product needs attention to detail ...

  • eslamsalemOP 6 years ago

    I'm sorry about that, I think we tried so hard on the security engine itself and forgot to pay attention to the frontend. You are totally right: "security product needs attention to detail". Will have it fixed today.

  • ThePowerOfFuet 6 years ago

    Sometimes it's referred to as SQLI.

jayfk 6 years ago

Where does package vulnerability data come from? Are you using your own database?

  • eslamsalemOP 6 years ago

    Yes, we use our own database. The data comes from publicly disclosed vulnerabilities as well as some privately reported vulnerabilities from internal sources.
