Ask HN: How to Security Audit for Noobs?
Hello, I started working on a side project during my free time, and I was thinking of converting it into a side hustle. The side project involves ensuring data integrity and ownership of a file by storing metadata about it in a blockchain (the actual file isn't stored). I was thinking of letting others use it, but what if it's not secure enough? What if people use it and something happens, would I be in hot water?
Once I develop the project enough, I do plan to make it open source, and only after that would I launch. At least that's the plan. I was wondering how to do good enough security audits on your own when the software is finally built. As I am merely a sophomore in college, I can't afford professionals for the same.
What do you guys suggest?

Use an existing framework, focus on the basics. And don't use blockchain.

Interesting, why not blockchain? I thought of it because, suppose the website shuts down, people can still verify the files.

Use non-overwriting backup, with very long retention cycles for any live data and configuration.

> why not blockchain

Why blockchain? Many things involve integrity checks other than blockchain. Are you not educated on the alternatives, and thus only suggesting what you know?

Again, blockchain seemed like a good solution because I am trying to make the whole verification independent of my platform. I don't want the data to be gone if my site goes down. Here by blockchain, I mean public blockchains.
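One shape the "integrity checks other than blockchain" alternative can take, as an added example that is not from the thread or any commenter: a hash-chained, append-only list of file-metadata records that anyone holding a copy can verify offline, which is the platform independence the OP is after. File contents, file names and owner names below are constructed sample values.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first record


def file_digest(data: bytes) -> str:
    """SHA-256 of the file contents; the file itself is never stored."""
    return hashlib.sha256(data).hexdigest()


def record_hash(body: dict) -> str:
    """Canonical JSON so every verifier hashes exactly the same bytes."""
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()


def make_record(prev: str, filename: str, data: bytes, owner: str) -> dict:
    body = {"prev": prev, "file": filename, "sha256": file_digest(data),
            "size": len(data), "owner": owner}
    return {**body, "record_hash": record_hash(body)}


def verify_chain(records: list) -> bool:
    """Each record commits to the previous one, so an edit or a silent
    overwrite anywhere breaks every later link."""
    prev = GENESIS
    for r in records:
        body = {k: v for k, v in r.items() if k != "record_hash"}
        if body.get("prev") != prev or record_hash(body) != r.get("record_hash"):
            return False
        prev = r["record_hash"]
    return True


def verify_file(record: dict, data: bytes) -> bool:
    """Anyone holding the published records can check a file offline."""
    return record["sha256"] == file_digest(data) and record["size"] == len(data)


def demo() -> tuple:
    # Constructed sample inputs, not real user files.
    report = b"quarterly report v1\n"
    photo = b"\x89PNG fake bytes for the example"
    chain = [make_record(GENESIS, "report.txt", report, "alice")]
    chain.append(make_record(chain[-1]["record_hash"], "photo.png", photo, "bob"))
    tampered_chain = copy.deepcopy(chain)
    tampered_chain[0]["owner"] = "mallory"  # rewrite history without re-hashing
    return (verify_chain(chain),
            verify_file(chain[0], report),
            verify_file(chain[0], report + b"x"),  # modified file is rejected
            verify_chain(tampered_chain))          # rewritten record is rejected
```

This covers integrity only: the owner field is a plain claim, and binding it to a person would need a signature scheme that this standard-library example leaves out. Independence from the site then comes from publishing copies of the records (in the open-source repo, a public transparency log, or the long-retention backups a commenter suggested), not from the data structure itself.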