A range of things can be done to a website in the hands of someone with malicious intent, and a hacked website is an internet company’s worst nightmare. But when I saw a sample report that Ritesh Sarvaiya has made on the number of ways a website can be hacked, I was taken aback. Let me put things in perspective: as an internet business, your website is like what an office space is to an offline business. Imagine having that destroyed or defaced.
This was the problem that Ritesh sought to change. But the way he went about it was the interesting part. The process included exposing loopholes to the largest IT conglomerates like Apple and Zynga, and going on to be recognized by PayPal as a part of the wall of fame for the top 10 white hat hackers.
Ritesh's Defencely.com is an interesting startup which will not only help you find loopholes in your website but also provide you with instructions on how to patch the product. With some of the biggest names in the field of security on board, Defencely.com is eventually looking to serve the e-commerce industry in India.
Bringing "Zero-Day" threats to notice
Ritesh believes that Defencely, founded in 2012, is one of the first companies in India to be looking at the cloud security space. He says, "Most cyber security teams at large companies do a very superficial level of testing. But to get to know new threats that you had no idea existed before, you need to probe the system manually. These zero day threats don't show themselves up by the methods used today."
To prove this, Ritesh went to the US and spent almost a year bringing Zero Day threats to the notice of very large companies like Google, Zynga, Apple and more recently, PayPal. He says, "We are the first Indian company to be featured in their wall of fame as a white hat hacker. Now when companies like those can have such serious threats, imagine what companies just starting out can have."
Ritesh shared that eight of the top researchers from the world of cyber security work at Defencely. He says, "We're still building the team. Large companies put out bug bounties, where they reward programmers who can find a bug in their system. I thought that through the expertise that we have, we can make this service a viable business model in itself. That's the essence of Defencely."
"We aim to serve the top 500 e-commerce companies in India"
Ritesh shared that the initial phase of security testing a website is done using conventional tools like Burp Suite, which automatically check a website for faults it may have. However, this is only the preliminary round of testing at Defencely. He says,
"The scanner runs based on some set commands and then throws up a ready-made report. The real value in our services comes from the manual penetration tests that we perform."
After this, Defencely writes up a report and shares it with the client. However, Ritesh shared that beyond just sharing the report, Defencely helps in fixing the bugs as well. He says, "It's a unique proposition. Most people just notify companies of the problems their site has. But because these are Zero Day threats, we also help them patch the faults as well."
On a concluding note, Ritesh shared that Defencely aims to secure the top 500 e-commerce sites in India. He says, "Imagine, you're selling an iPhone and someone manages to change the cost from 50,000 Rs to 5 Rs. How would an e-tailer handle that? I want Indian companies to be able to transact online without any worry."
Visit Defencely.com to know more