Anonymous: Early stage startups and web security

[jasoncwarner]

Asked Anonymously

What should a early-stage startup keep in mind for web security ? Or what would be a checklist for web-security for early age startups ?

[jasoncwarner]

I think this depends entirely on what you mean by 'web security' though to assume a few things, let me say that my general advise for all early stage startups is extreme focus. Focus on why you exist in the first place and let someone else handle everything else.

In the early stage case, as much as you can with your cash position, literally pay someone to handle details. Like computer, storage, monitoring, alerting, messaging, billing, etc etc etc. If it isn't why you started the company in the first place, get it out of your way so you can focus on your 'why'.

And yes, this goes for figuring out all your deployment stuff. Literally just use Heroku and GitHub for everything. I mean it. When you do this it's very likely almost all your web security/security concerns are already covered too including threat mitigation (think DDoS etc etc).

See #26 for a more in-depth answer on specifics.

If you meant something else with 'web security', feel free to add more or ask anonymously again and I'll go deeper!