[Tech30] How AppSecure is making ethical hacking mainstream

[Tech30] How AppSecure is making ethical hacking mainstream

Sunday October 01, 2017,

4 min Read

Cybersecurity startup AppSecure aims to connect companies and ethical hackers to help the former discover and thwart security bugs.

In today’s digital world, convenience has brought along a constantly evolving threat – cybersecurity. Over the past few months, the threat is getting stronger. The biggest one in recent times has been Ransomware, a malicious type of software, which publishes a victim’s data unless a ransom is paid. According to Europol, Ransomware today represents a major threat to global cybersecurity.

Anand Prakash, ex-security engineer at Flipkart, felt cybersecurity would be a huge concern with the growing number of startups in India. While at Flipkart, he worked as a hacker, and looked for security loopholes in companies.

Rohit and Anand

The initial days

Hailing from a small town in Rajasthan, Bhadra, Anand’s love for technology started when he was in Class 8. Starting with trying to use the internet for free, Anand today is a popular ethical hacker and has been responsible for finding several security loopholes in various companies. While doing this, he came up with the idea of AppSecure.

Started in May 2016, the platform works as an aggregator that connects ethical hackers to companies. Companies are always keen to quickly discover security loopholes and who better than hackers to give them that information? The startup acts as a common ground for hackers and companies to connect.

Anand says: “Currently, how it works is that if I find a bug in a website or a product, it becomes difficult for me to report that to the company. We want to create a channel where it becomes easier for hackers to reach out to companies and explain the loopholes present.”

The challenge: convincing companies

Being an ethical hacker for over two to three years, it wasn’t difficult for Anand to find and get the right hackers from across the world. But the challenge was convincing companies in Asian markets about the importance of this aspect of their business.

“When we started, most startups and even banks and insurance companies didn’t look at it seriously. There were few companies like Flipkart that bothered to have security engineers,” Anand explains.

With the growing threats, companies realised the business impact these security concerns would cause and started taking AppSecure seriously. Anand soon roped in his friend Rohit Raj as a Co-founder.

How does the platform work? A group of hackers look into the platform, find different loopholes and share those with the company.

The workings of AppSecure

The team is still working out and finalising the right pricing model. Currently, they also offer a subscription model, where companies can choose to subscribe with AppSecure for a monthly or yearly amount. The yearly cost is approximately between Rs 2 and 3 lakh.

The company pays only when a valid security bug is discovered and reported. AppSecure charges the company a certain extra amount for every valid bug.

Anand adds that this model works specifically for companies that do not have internal security engineers. In this case, AppSecure deploys ethical hackers that look into the app, or platform, of the company and checks for all kinds of bugs. Following a services kind of model, AppSecure has two key products:

  • HackerHive is a crowdsourced vulnerability-coordination and bug-bounty platform that connects businesses to a network of some of the best and trusted security researchers. These researchers help businesses receive and resolve critical vulnerabilities before they can be exploited.
  • com works for businesses and their projects by continuously finding vulnerabilities and issues in their dependencies.

Currently the team claims to have Flipkart Group, OYO, Jugnoo and FreshMenu among its clients.

Meanwhile, the cybersecurity threat keeps growing.

According to P P Chaudhary, Minister of State for Electronics and IT, India saw over 27,000 cyber security threats being reported to the Indian Computer Emergency Response Team (CERT-In) in the first half of 2017.

No wonder cybersecurity is gaining so much importance. Threat Landscape, another Tech30 startup, offers threat intelligence to security operations teams.

But the AppSecure team is aiming to grow bigger and focus on deeper security issues that companies face. Much needed as the future is digital!