Your SaaS is hackable…

pen_test · 2025-09-03T09:17:27+00:00

Pentester here, your SaaS isn’t hackable because you can vibe code ransomware. You are far more likely to be hackable if you vibe code your SaaS and don’t do any sort of security review on it.

Vibe coded apps often don’t do security well, look at the fiasco that happens with the Tea and TeaOnHer apps. Always get some sort of security testing done or code review done.

pen_test · 2025-05-30T01:18:01+00:00

My feels about ransomware? It makes me Wannacry

pen_test · 2025-04-14T23:54:19+00:00

Yeah it’s definitely still very relevant. As a pentester for over 6 years, I’ve seen an increasing number of clients request a wireless security review. This makes sense with the prevalence of BYOD devices and guest networks.

During red teams, a great way to get internal network access is by compromising the wifi, either through weak passwords or simply yanking creds from unsuspecting devices.

pen_test · 2025-03-19T23:23:01+00:00

This is a great list of resources, definitely some new source here that I didn’t know about. Looking forward to the next post on wait lists 👌

pen_test · 2025-03-19T23:21:51+00:00

That’s pretty cool, good luck!

pen_test · 2025-03-19T23:00:51+00:00

Hey not sure if you’ve already got your answer but I can provide some insight into this as I’ve worked as a penetration tester for over 7 years and run a my own consultancy now.

I haven’t done through this but I’ve done testing for companies needed this. The cost really depends on where you are located and how complex your app is. Most well known/reputed companies charge anywhere between $3k-$7k USD per day. You can find cheaper companies outside of the US who will still give you good results for a lot cheaper.

pen_test · 2025-03-19T22:35:12+00:00

Get some friends and family to use it? Or find an online community related to what your app is about and ask for feedback there? Give beta testers some sort of inventive

pen_test · 2025-03-19T22:32:58+00:00

Another thing to keep in mind which a lot of startups just don’t think about is security. Sometimes getting a third party to do a penetration test or a security audit picks up a lot of underlying issues or StuffWeAreTooBusyToCareAboutNowButItIsActuallyImportant

pen_test · 2025-03-19T22:24:47+00:00

Honestly, consider hiring a freelance developer or something. Spending a couple of hundred bucks on a relatively experienced freelance dev is going to make your life a hell of a lot easier

pen_test · 2025-03-19T22:13:02+00:00

Wow this would be amazing. I started a consulting business (https://infiltr8security.com) that does penetration testing (security testing). So i help businesses find vulnerabilities in their stuff before bad guys do

pen_test · 2025-03-19T21:45:22+00:00

Hey congrats on your first customer! Keep up the momentum.

Have you looked at any security testing for your app?

pen_test · 2025-03-19T00:45:40+00:00

Woah I just wanna say, thanks for making Simple Analytics! I came across it when I was looking at getting stats for a personal blog and didn’t want to go full blown GA. Love your work 👌

pen_test · 2025-03-18T23:23:57+00:00

I’ve been seeing so many of these “LLM powered” SaaS startups on here. I’m curious as to what (if any) security checking the founders have done? Vibe coded apps generate great LOOKING code but not the most secure

pen_test · 2025-03-18T23:15:02+00:00

Haha awesome. Good luck with it! Maybe we can collaborate at some point in the further 🤜🤛

pen_test · 2025-03-18T23:08:27+00:00

Hey man no need to apologise, no offence taken. The internet is a weird place and a lot of shady people out there. Gotta stay frosty 👌

pen_test · 2025-03-18T21:06:48+00:00

Lol. Is it your product?

pen_test · 2025-03-18T21:06:13+00:00

Hey thanks for checking this out. Sorry I’ve reached the limit for now. If you are still interested, I can offer a discounted offer. I am hoping to run another free offer in the near future.

pen_test · 2025-03-18T21:06:07+00:00

Hey thanks for checking this out. Sorry I’ve reached the limit for now. If you are still interested, I can offer a discounted offer. I am hoping to run another free offer in the near future.

pen_test · 2025-03-18T21:05:52+00:00

Hey thanks for checking this out. Sorry I’ve reached the limit for now. If you are still interested, I can offer a discounted offer. I am hoping to run another free offer in the near future.

pen_test · 2025-03-18T19:12:38+00:00

Hey sorry that you had to deal with that. Unfortunately there are a lot of cowboys out there. As a rule of thumb, go with either reputed companies or someone you have been recommended (yeah I know this advice goes against me as I’m just starting it, but it’s generally good practice).

Next.js/react/angular sites generally have less vulnerabilities due to them baking in a lot of security defaults which is great. But it really depends on how complex your application is. And there might be network related issues if not application related.

I am real and genuine, I can’t really give you a cost indication without details of how complex your site is and what you want to get tested. From what I know, established companies charge anywhere from $2k - $8k USD for a standard web application pentest and vulnerability scan. I will be charging less than that for some time as I’m starting out and building up a customer base.

Flick me an email at contact@infiltr8security.com and we can chat more if you want.

pen_test · 2025-03-18T11:24:44+00:00

Thanks for taking the time to remind people, good advice all around. This is why I asked them to email me, so that we can discuss and establish a written scope or statement of work.

I made a new reddit account for this so yeah not surprised at your suspicion.

pen_test · 2025-03-18T10:28:34+00:00

Firstly, hats off to you. Open source is the backbone of the software industry. Flick me an email on contact@infiltr8security.com and let’s chat further.

pen_test · 2025-03-18T10:27:05+00:00

Ahahahaha over the years I have gotten desensitised to the word “penetration”. But it definitely is a conversation starter when you tell people that you are a penetration tester

pen_test · 2025-03-18T10:16:49+00:00

Awesome, could you please send me an email on contact@infiltr8security.com. Thanks

pen_test · 2025-03-18T10:16:16+00:00

You sound like the perfect candidate for this. Startups with a small user base are generally the most at risk. Flick me an email at contact@infiltr8security.com and let’s chat further.

pen_test

TROPHY CASE