Outsource security for my web app?
Posted: Sun Sep 04, 2011 2:44 pm
I'm working on a custom CMS app. To keep a long story short, this is the first app that I've built, my experience is limited, and this is a learning process for sure. Having said that, I'm really proud of it, and I'm getting a very positive response from the few that are using it. I would like to start sharing it with more people, and marketing it along with my design services. Here's the thing... I'm comfortable taking on the challenges that this project presents, and I'm comfortable answering for bugs and glitches that result from my inexperience. I'm not comfortable with users' data being unnecessarily vulnerable due to my inexperience. I hope this doesn't appear lazy. I've spent a ridiculous amount of time on this app and it's been a great experience so far. I'm just trying to be responsible and face my limitations. The more I learn about security, the more I realize I need to know, and I would simply rather put my time into other areas of the app.
I'm considering posting the project on a website like Elance or something similar, but I'm having trust issues with this. I have a working login system and I don't need someone to put their name on a login script and sell it to me. My problem is I don't know how to expose vulnerabilities or audit the security. If I did, obviously I would be more comfortable with my own script. So I would be at the mercy of the developer I hire. Is outsourcing security like this common practice?
The other solution I was hoping to find is a third-party app that manages authentication etc... Maybe something that I could just hook into with my application? I've done some poking around but I haven't really found anything like this. If something like this exists, I think it would be ideal. Though it may sound silly, I have this feeling like if I was paying for something on a regular basis, there would be a certain level of accountability that goes along with that. Also, if the third-party app was specifically built for that purpose, I would expect more quality and reliability.
I know this question is a little broad, but any advice or direction that anyone could offer would be greatly appreciated!! Thanks to you all for your time!!