DEV Community

Benjamin Frank
Benjamin Frank

Posted on

I built a website security scanner (because I kept shipping insecure projects)

#cybersecurity #security #webdev #programming

I’m a solo developer, and over the last year I kept running into the same problem:

I’d ship projects thinking “I’ll secure this properly later”
and then… later never came.

If I’m being honest, my cybersecurity knowledge isn’t great. I know enough to be dangerous, but not enough to feel confident. I’d regularly forget things like:

  • missing or misconfigured security headers
  • weak TLS / SSL setups
  • basic server or app misconfigurations that should be caught early

Most of these issues aren’t advanced attacks — they’re just things you miss when you’re focused on shipping features.

So instead of pretending I’d magically get better at security overnight, I decided to build a tool that helps catch these problems for me.

Example Scan with DataFast

Why I built SecureNow
SecureNow is a website security scanner that checks for common vulnerabilities and gives you a clear report with fix recommendations.

The goal is not to replace professional pentesting.
It’s meant to be:

  • a fast baseline security check
  • something you can run before or after deploying
  • useful for developers and small teams who don’t have a security expert on hand

Basically: “Did I forget something obvious?”

What it checks
Some of the features I thought were pretty cool (and honestly useful for my own projects):

  • Security header checks (CSP, HSTS, etc.)
  • TLS / SSL configuration analysis
  • Open port scanning (surprisingly, a lot of sites still expose things they shouldn’t)
  • Rate limit detection
  • API route checking

Clear explanations + suggestions on how to fix issues

Nothing intrusive, no exploit-style scanning — just automated checks that surface common problems.

Who this is for (and who it isn’t)

SecureNow is designed for:

  • solo developers
  • indie hackers
  • small teams

people shipping fast and trying not to break things (or expose them)

It’s not:

  • a full pentesting replacement
  • an enterprise security suite
  • something that magically makes your app “secure forever”

Launch & feedback

I launched SecureNow today, and I’m genuinely looking for feedback — not hype.
Things I’d really like to know:

Is this actually useful?
What checks would you expect from a tool like this?
What would make you not trust it?
Is the pricing off / too expensive for what it does?

If you want to take a look:
https://www.securenow.dev

I’m happy to answer questions, explain how things work, or hear why this is a terrible idea!

SecureNow Landing Page

Top comments (0)