Navigating the SaaS Security Landscape: A Toolkit For The Modern Web

Security is something nobody likes to think about. We love to jeer at companies that suffer data breaches. But that would never happen to us, right? We use serverless and NoSQL, how could we possibly have issues? Unfortunately, security problems can plague all of us. And even if we never get breached, compliance and regulation can necessitate using security tools.

Today, I'm going to chat about some killer tools that help you do just that. I am a current customer or past customer of all of these tools.

SSL Monitoring - TrackSSL:

URL: https://trackssl.com/

First up, let's talk about SSL certificates. An expired SSL certificate is like leaving your house with the front door wide open. That's where TrackSSL comes in. This tool will keep a watchful eye on your SSL certificates and will notify you before they expire. It’s like having a personal assistant, but for your SSL certificates. One less thing to worry about! It sounds silly, but there have been lots of recorded cases of certificates expiring.

Server Security Monitoring - Shodan:

URL: https://www.shodan.io/

Shodan, often referred to as the "search engine for everything else", is a powerful tool for server security monitoring. It scans the internet for connected devices, from standard servers to bizarre gadgets, and provides a lot of information about each one. It's like Google, but for servers and IoT devices. It's particularly useful for identifying your own servers in the wild and ensuring they're properly secured.

Previously, Shodan sent me an email when a server I owned had an Apache2 vulnerability on it. Thankfully, I was able to patch it before it was exploited!

Bot Protection - Cloudflare Turnstile:

URL: https://www.cloudflare.com/products/bot-management/

Ah, bots! They can be helpful little critters, but they can also be a real pain in the you-know-what when they’re up to no good. To tackle this, Cloudflare's bot protection comes to the rescue. It's an excellent web application firewall (WAF) that helps filter out malicious bots trying to wreak havoc on your system. It not only blocks harmful traffic but also accelerates legitimate traffic. So, it’s pretty much like having your own personal bouncer!
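The part of Turnstile that is easy to get wrong is the server side: the widget hands your page a token, and your backend must verify it with Cloudflare before trusting the request. The snippet below is an added example (not Cloudflare's code) showing that verification and the checks worth doing on the response: success, that the token was issued for your hostname and the action you expected, and that it is fresh. The endpoint and field names are from Cloudflare's Turnstile documentation; the secret, hostname and action values are placeholders.

```javascript
// Added example: server-side Turnstile verification (not Cloudflare's code).
// Endpoint and response fields per Cloudflare's Turnstile docs; all sample
// values below are constructed placeholders.
const SITEVERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify";

// Evaluate an already-parsed siteverify response against what this deployment
// expects. Checking hostname and action stops a token solved on another site or
// another form from being replayed against this endpoint; the age check is a
// belt-and-braces companion to Cloudflare's own single-use enforcement.
function evaluateSiteverify(result, { expectedHostname, expectedAction, maxAgeSeconds = 300, now = Date.now() }) {
  if (!result || result.success !== true) {
    const codes = (result && result["error-codes"]) || [];
    return { ok: false, reason: `challenge failed: ${codes.join(",") || "unknown"}` };
  }
  if (expectedHostname && result.hostname !== expectedHostname) {
    return { ok: false, reason: `hostname mismatch: ${result.hostname}` };
  }
  if (expectedAction && result.action !== expectedAction) {
    return { ok: false, reason: `action mismatch: ${result.action}` };
  }
  const issuedAt = Date.parse(result.challenge_ts);
  if (Number.isNaN(issuedAt) || now - issuedAt > maxAgeSeconds * 1000) {
    return { ok: false, reason: "challenge token too old or undated" };
  }
  return { ok: true, reason: "verified" };
}

// Send the widget token to Cloudflare and evaluate the answer (network required).
// `secret` is the site's secret key; never ship it to the browser.
async function verifyTurnstileToken(token, remoteIp, secret, expectations) {
  const body = new URLSearchParams({ secret, response: token });
  if (remoteIp) body.set("remoteip", remoteIp);
  const res = await fetch(SITEVERIFY_URL, { method: "POST", body });
  if (!res.ok) return { ok: false, reason: `siteverify HTTP ${res.status}` };
  return evaluateSiteverify(await res.json(), expectations);
}

// Constructed sample responses (not captured from Cloudflare) for the checks above.
const SAMPLE_OK = {
  success: true,
  challenge_ts: "2024-01-01T12:00:00.000Z",
  hostname: "app.example.com",
  action: "login",
  "error-codes": [],
};
const SAMPLE_REPLAYED = { success: false, "error-codes": ["timeout-or-duplicate"] };

// Typical use inside a login handler (secret read from the environment):
//   const verdict = await verifyTurnstileToken(req.body["cf-turnstile-response"],
//     req.ip, process.env.TURNSTILE_SECRET,
//     { expectedHostname: "app.example.com", expectedAction: "login" });
//   if (!verdict.ok) return res.status(403).send(verdict.reason);
```

Treat a failed verdict as a 403 and log the reason; a run of "hostname mismatch" or "timeout-or-duplicate" results is itself a useful signal that someone is replaying tokens against you.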

Login Security Protection - LoginLlama and Auth0:

URL: https://loginllama.com/ - my own product!
URL: https://auth0.com/

Let’s face it, managing logins is a critical, but often tedious, part of web security. But don't worry, there are some cool tools out there to take the heat off.

LoginLlama is a nifty tool (in this developer's humble opinion) that keeps an eye out for any suspicious login activity. It’s like your own detective, always on the lookout for anything fishy.

Then there's Auth0, a super-charged login management system. It provides secure and streamlined user authentication. It’s got some serious features, like multi-factor authentication, single sign-on, and passwordless login options. It’s like the Swiss army knife of login security!

These two tools can be combined to provide a multi-layered secure login process.

Managing Dependencies - Dependabot:

URL: https://dependabot.com/

As we navigate the complex universe of SaaS applications, let's not forget about our trusty sidekick, Dependabot. We all know how crucial it is to keep our dependencies updated, but let's be honest - it's a chore. Dependabot turns this chore into a breeze. It automatically checks for updates in your project dependencies and submits pull requests to keep your application up-to-date and secure. Dependabot is like a friendly robot tirelessly working to keep your project in tip-top shape.

I mostly use this configuration which keeps NodeJS and GitHub Actions up to date but limits the number of PRs it creates:

version: 2

updates:
  # Workflow actions are checked daily; bumps here are small and rarely break anything.
  - package-ecosystem: 'github-actions'
    directory: '/'
    schedule:
      interval: 'daily'

  # npm packages: weekly, at most two open PRs at a time, and major version bumps
  # are ignored for every package so they can be handled manually.
  - package-ecosystem: 'npm'
    directory: '/'
    schedule:
      interval: 'weekly'
    rebase-strategy: 'auto'
    open-pull-requests-limit: 2
    ignore:
      - dependency-name: '*'
        update-types: ['version-update:semver-major']

Code Quality and Security - SonarQube:

URL: https://www.sonarqube.org/

Then, we have the powerhouse of code quality and security - SonarQube. If Dependabot is our friendly sidekick, SonarQube is the skilled detective meticulously scanning every line of code. It's an open-source platform used for continuous inspection of code quality. It catches bugs, detects vulnerabilities, and keeps an eye on your technical debt. With SonarQube, you're not just writing code; you're crafting secure, high-quality software.

By integrating Dependabot and SonarQube into your SaaS security toolkit, you're not just reacting to security threats - you're staying one step ahead.

Wrapping Up:

Staying secure in the SaaS world is no small feat. But with tools like TrackSSL, Shodan, Cloudflare's bot protection and of course LoginLlama, you’re well on your way to fortifying your SaaS platform.

Remember, it’s not just about using the tools. It’s about understanding your security landscape and picking the right tools for your specific needs. So, go forth, explore these tools, and stay safe out there in the wild wild web!

If you'd like to give LoginLlama a try, you can! It's free for up to 1000 logins per month. Sign up here.