
Golem Technologies – website security scanning on a shoestring budget

Golem Technologies is a website security scanning and vulnerability scanning company started in early February of 2011. I started working on the idea in April of last year after searching for an easy way to scan a friend’s website for security issues and vulnerabilities. I had found that nothing was both affordable and easy to use. As a result, I started thinking about how to make something for people who may not have a deep understanding of security issues online, and also wouldn’t have the desire or time to learn it. I came up with the idea for an automated tool that self-configured and scanned sites based only on a URL.

The service works on multiple levels. It is designed to be usable by anyone with a site, though there are different options for different types of site owners. Unlike most scanning software, entering a URL and clicking go will begin a scan. The scanner crawls the target site looking for all the various links and pages and page options possible. Once a comprehensive list of pages is found, the scanner searches them for known problems (known as signatures) which indicate a weakness. Since only a small percentage of vulnerabilities can be found this way, the scanner moves on to phase 2, which is testing the site for a variety of issues by actually submitting data that can be used to test for issues. For example, a site may have a URL which includes a page ID to indicate which content should be used, something like /pageID=123. The scanner would recognize this and wonder if that page ID was open to attack by asking to return a page ID like /pageID=123+1. If the server returns pageID of 124, the scanner knows the addition was evaluated and is likely open to other forms of attack. Each page variant is subjected to several thousand such tests, and the problems are reported in an easy-to-read report.
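
Why a page ID of 123+1 can come back as page 124, and what the fixed handler looks like, shown as an added example that is not part of the original post or Golem's code. The `pages` table, the two handler functions and the sample rows are assumptions made for illustration, with an in-memory SQLite database standing in for the site's backend.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: two pages with adjacent IDs."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(123, "About"), (124, "Contact")])
    return db

def fetch_page_concat(db, page_id):
    """Weak form: the raw parameter is pasted into the SQL text,
    so the database evaluates whatever expression it contains."""
    sql = "SELECT id, title FROM pages WHERE id = " + page_id
    return db.execute(sql).fetchone()

def fetch_page_bound(db, page_id):
    """Hardened form: accept plain digits only, then bind the value
    as a parameter so it is never parsed as SQL."""
    if not re.fullmatch(r"[0-9]{1,9}", page_id):
        return None
    return db.execute("SELECT id, title FROM pages WHERE id = ?",
                      (int(page_id),)).fetchone()

def addition_was_evaluated(fetch, db, base_id):
    """The check from the text: '<id>+1' returns the same page as the
    literal next ID, and that page differs from the original one."""
    original = fetch(db, str(base_id))
    next_page = fetch(db, str(base_id + 1))
    try:
        probe = fetch(db, f"{base_id}+1")
    except sqlite3.Error:
        return False
    return probe is not None and probe == next_page and probe != original

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", addition_was_evaluated(fetch_page_concat, db, 123))
    print("bound:", addition_was_evaluated(fetch_page_bound, db, 123))
```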

I am also working on adding two additional scan phases into the scanner. The third phase will scan the site for known viruses, such as files which are known to be infected, or content on a page which is known to be part of an infection. Phase 4 will scan the site for links, and flag links which are known to be infected or to host infectious content. One common tactic of hackers today is to modify popular sites in a minor way, so that visitors are subtly redirected to infected sites, usually without any visible indication. Phase 4 would check for this type of attack. In this way, the Golem scanner would find both security holes which need to be investigated, and potential infections or attacks already perpetrated.
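
A sketch of the kind of check phase 4 describes, as an added example that is not Golem's implementation: it collects every URL a page links to or loads and flags those whose host is on a known-bad list. The host list, the sample HTML and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed stand-in for a reputation feed of known-bad hosts.
BAD_HOSTS = {"malware.example", "drive-by.example.net"}

# Constructed page: two ordinary links plus two injected off-site loads.
SAMPLE = """<html><body>
<a href="/about">About</a>
<a href="https://partner.example.org/">Partner</a>
<iframe src="http://cdn.malware.example/x" width="0" height="0"></iframe>
<script src="//drive-by.example.net/s.js"></script>
</body></html>"""

class LinkCollector(HTMLParser):
    """Collects every URL the page links to or loads, made absolute."""
    URL_ATTRS = {"a": "href", "script": "src", "iframe": "src", "img": "src"}

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = []

    def handle_starttag(self, tag, attrs):
        attr = self.URL_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            self.links.append((tag, urljoin(self.base_url, value)))

def host_is_listed(host, bad_hosts):
    """Match the host itself or any parent domain against the list."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in bad_hosts for i in range(len(labels)))

def flag_links(html, base_url, bad_hosts=BAD_HOSTS):
    """Return (tag, absolute_url) for every link to a listed host."""
    collector = LinkCollector(base_url)
    collector.feed(html)
    return [(tag, url) for tag, url in collector.links
            if host_is_listed(urlsplit(url).hostname or "", bad_hosts)]

if __name__ == "__main__":
    for tag, url in flag_links(SAMPLE, "https://shop.example.com/"):
        print(tag, url)
```

Reporting the tag alongside the URL matters because a listed host behind a `script` or `iframe` loads without any click, which is the invisible redirection case the paragraph describes.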

Some background on how I built it on a shoestring budget

I work full time for another company, so I financed the whole project out of my paycheck. I started learning programming when I was in high school, and continued through college and into my work life as a hobby. Putting up a website seemed like the next logical step. Using cloud services, I was able to rent a powerful production server for about $100 per month. I used website platform Drupal to accelerate my development, and my fiancée helped me with the design of the site. As a result, I had the whole site up and running 6 months after I started the planning for less than $1000 (plus time and sweat!), and spent a few more months doing testing and refining the product and pitch before officially launching in February.

From the beginning, I had planned for this to be a one man shop, using bootstrapped financing and leveraging contractors for tasks I wouldn’t have time for. I currently maintain 1-2 contractors for marketing and content generation, though I am still in the early stages of building out a reliable contracting base. Contractors have easily helped me increase my output for a reasonable cost, and the expenses can be controlled month to month as the business expands or contracts.

The key to launching for so little cash was the amount of open source technologies I was able to utilize. Using Drupal and many of the associated modules helped me to leverage other people’s expertise to quickly get functionality common to other sites such as shopping carts and security certificates. I could customize it to fit my needs without programming it myself or paying for support. Using other technologies like MySQL, Linux, and JQuery helped round out my technology stack, and leveraging their communities helped me fill in skill gaps where I had questions.

On the other hand, spending so much free time working on a new business without help leads to challenges in other areas of life. Because I try to keep costs down so much, I miss some opportunities, such as marketing channels, or opportunities for press coverage which I can’t respond to quickly enough. Customer satisfaction is one of my top priorities, so customer inquiries always take precedence. If I could go back to day one, I would have started my marketing cycle earlier in the process, and begun to build a customer base prior to going live via mailing lists and newsletters. This would have given me a 6 to 8 month jump on my marketing efforts, while trading off some product development efficiency.

Marketing is still my biggest challenge, as I try to leverage contractors, press coverage, social media, and content marketing to increase interest in my site, and I have a lot of learning to do in this area. I work hard to minimize marketing spend while I build up my search engine rankings and communities around the product.

My long term goal is to generate enough revenue to replace all other forms of income, which I am still a ways from achieving. In my first month in business, I was about 50% of the way to break even, and I don’t expect to hit break even for a few months yet, though with such a low cost structure I can maintain the business for years to come.
