Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

‘Secure Coding as a Service’ Firm Sqreen Raises $2.3 Million

Paris-based start-up Sqreen announced that it has raised a $2.3 million seed round to ship app ‘protection-as-a-service’. This service “provides every developer a simple way to get the security their applications deserve,” the company says.

Paris-based start-up Sqreen announced that it has raised a $2.3 million seed round to ship app ‘protection-as-a-service’. This service “provides every developer a simple way to get the security their applications deserve,” the company says.

Traditionally, security teams have been understanding: security is a bolt-on after-thought added to products after development. The business pressure for delivering new product and getting to market as quickly as possible, especially for new start-up companies, has always taken precedence over security.

Security belongs to security experts who have to mitigate the vulnerabilities built by insecure coding practices into what become insecure products. Sqreen wants to change this.

It believes it can help developers produce secure code from the outset. It suggested in its announcement that developers don’t dislike security, they just feel inhibited by its requirements. “Developers have equated [security] to constraints that limit their freedom to code and to painful processes.” The implication is that if secure coding could be made unobtrusive and painless, it would be accepted by developers.

Sqreen automatically detects vulnerabilities in the code as it is being developed. “Sqreen provides real-time defenses that continuously adapt and learn from millions of attacks sourced from the community,” said the company in its announcement. “Thousands of security threats are supported – including SQL injection, cross site scripting, code/command/file injections, and cryptographic weaknesses.”

Rodolphe Menegaux from Alven Capital explains the traditional problem. “Security is overlooked by early-stage companies growing fast, but it quickly becomes a high priority once they are more mature. Few developers are enthusiastic about the extra workload and rigor involved in securing applications.”

The solution, says Pierre Betouin, Sqreen’s CEO, “is to put security back into products and let the developers embrace this [security] role again. It is pretty obvious that products should now be embedding their own security logic to protect themselves.”

Betouin is one of two co-founders at Sqreen. He spent 9 years with Apple leading the team in charge of security assessments for the Internet Services department, hacking products and designing protection. He personally holds 23 US patents. His co-founder, Jean-Baptiste Aviat, also spent five years with Apple, hunting and eliminating vulnerabilities from Apple code. He holds two US patents. Effectively, they started Sqreen to eliminate the need for their earlier functions.

The solution leverages the power of the cloud to build a huge database of vulnerable coding. The company claims that it takes less than 30 seconds to install into the developer’s Ruby-on-Rails (and soon also Python), and from then on it helps to detect and eliminate weaknesses. It uploads some information, such as memory dumps, to the Sqreen cloud in order to continually expand its own knowledgebase of data threats.

It’s early days yet, but the new injection of capital makes it more likely that the vision will succeed. The ultimate goal will be to include machine learning so that secure coding becomes as seamless as possible.

Related: How Good Security Practices Complement Developer Productivity

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Vulnerabilities

A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.