Startup Security was created with the goal of providing security information to startup organizations that may not be familiar with Information Security in general. Even though modern frameworks take care of a lot the problems, there are a variety of other concerns such as infrastructure security, not to mention regulatory and compliance issues.

Startup Security was created after the summer of 2008 when I (Damon P. Cortesi) left my job to create my own startup. In becoming immersed in that community, I began to recognize that Information Security is even more of an after-thought than it is at big organizations. Furthermore, while frameworks like Ruby on Rails and Django address many of the typical web application concerns (SQL Injection, Cross-Site Scripting), there are still a lot of different concerns outside of those both in and out of the technical arena.

This site has two goals. Raise awareness for startups and provide a resource where startups can obtain information about the different concerns to be aware of, how to address them and possible tools for doing so. In addition, provide a useful resource for startup organizations that are aware of security, but not sure how to approach it in their limited environment or budget.

The author, Damon P. Cortesi, has been a professional security consultant for the past six years. Prior to that, he had fun as a Systems and Security Admin on a network with absolutely no firewalls. At the present time, he is currently busy building his own security startup as well as a couple side projects.

If you feel the need to get in touch, email me.