ArmorHub is today launching a web security service targeting startups, small-to-medium sized businesses, and most importantly, the layperson who knows that website security is something to be concerned about, but doesn’t know how to monitor their site or what to do if an issue is found. The company is being bootstrapped by Evan Beard, previously the founder and CEO of eTacts, which sold to Salesforce in 2010, and Kendall Dabaghi, whose background includes two years at McKinsey focused on the big data challenges among the Fortune 500 IT companies.
Beard says the inspiration for ArmorHub came out of his own experiences building apps over the years. “One thing that’s always in the back of your mind when building an app is – well, I know the rules for making sure we don’t have a security vulnerability, and I’m pretty sure I’m following them, but have I made a mistake?” he says. “You can read over your code, have a friend take a look at it, but it’s difficult to know for sure you crossed all your t’s and dotted your i’s. And one small mistake means that someone can access all your users’ data. If you’re a startup, that’s minimally, a very embarrassing blog post and email to your users.”
However, while the idea for ArmorHub was borne out of developers’ own needs, the two co-founders wanted to also provide a service that anyone can use. “We’ve built this app to be accessible for someone like my dad – you don’t need any technical knowledge,” says Beard, mentioning his father, a lawyer who knows enough to browse the web and worry about security, but that’s about it. “We tell you your vulnerabilities and you can fix them yourself if you know how. But if you don’t, we make it really easy to bring us in to help.”
ArmorHub’s service is free to use. Just enter your URL and email address, and it can send a report to your inbox. The service checks for the highest-rated vulnerabilities in terms of impact, according to OWASP, including things like cross-site scripting and SQL injections, but it’s also capable of scanning modern web frameworks like Rails, Django, and Node.js, which are popular among startups. For small businesses, the service can comprehensively scan SMB platforms like WordPress, Magento, and Joomla. And like some website monitoring platforms, it can scan for malware, too. Of course, for sites that use ArmorHub from the start, malware shouldn’t be much of an issue.
“Malware detection is kind of a reactive approach, but we take a more proactive approach to prevent things from ever taking root,” explains Dabaghi. “We scan your server, find the vulnerabilities, alert you to them, and then prevent the malware from ever taking root, versus trying to remove it after you’ve already been hacked,” he adds.
Although there are many services on the market offering vulnerability detection, many of these are designed for the enterprise, not smaller businesses. And few are offering to also fix vulnerabilities. ArmorHub hasn’t priced that aspect of its business yet, but is instead offering plans for companies with multiple sites and who want more regular scans, among other things. These users can also get an ArmorHub badge to display on their websites.
Interested users can test out ArmorHub for free starting today.
Based in Washington, D.C., ArmorHub’s co-founders are currently the only full-time employees, and the company has not yet taken in outside investment.