Ivole32

Originally published at queueforge.dev

How we keep QueueForge safe

QueueForge is a SaaS platform for hosting and debugging queue systems. We have a major responsibility to make our product secure and usable without our users having to worry about it. Even though we haven't launched our first MVP yet, we already feel this responsibility. It is not just the product we have to keep safe; it also includes our marketing website, the newsletter, our infrastructure, and our internal tools.

We want to give our future customers a quick dive into security at QueueForge and explain how we combine AI, human expertise, and automated analysis into a cohesive security concept.

How QueueForge uses AI for security

We use AI to scan our code for vulnerabilities and to identify potential exploit scenarios. We run these AI scans before every major deployment and after significant changes to the codebase. Through this scanning, we found multiple small misconfigurations in our reverse proxy and some in our admin dashboard. It is important to note that these findings could not have caused harm: their impact was low, or they were located in internal tools. We still consider this a positive result: if the system finds small problems, it is capable of finding major ones too. We understand that AI cannot replace real people, but it effectively helps us improve the security of our product and website.

How QueueForge uses automated tools for security

We use automated tools to find vulnerabilities in dependencies and "low-hanging fruit" that can be detected through pattern recognition. We use services we trust, though we prefer not to disclose the specific providers. In addition to these tools, we perform npm audit and pip-audit scans every one to three days.
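The recurring npm audit and pip-audit scans mentioned above are only useful if their results actually block a deployment. As an added example (not QueueForge's own tooling), the script below parses the JSON reports of both tools and returns a go/no-go decision with the reasons. It assumes the report shapes that `npm audit --json` (npm 7 and later: a `metadata.vulnerabilities` count per severity) and `pip-audit --format json` (a `dependencies` list, each with a `vulns` list) emit; both sample reports, the package name `examplepkg` and the advisory id `EXAMPLE-0001` are constructed placeholders for the offline run.

```python
"""Gate a deployment on dependency-audit results.

Added example, not QueueForge's own code. It assumes the JSON shapes of
`npm audit --json` (npm 7+) and `pip-audit --format json`; the sample
reports below are constructed so the logic can be exercised offline.
"""
import json
import sys

# npm audit severities, lowest to highest; the gate threshold indexes into this.
SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"]

# Constructed sample of `npm audit --json` output; only the metadata block is used here.
SAMPLE_NPM_REPORT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {},
    "metadata": {
        "vulnerabilities": {"info": 0, "low": 2, "moderate": 1, "high": 1, "critical": 0, "total": 4}
    },
})

# Constructed sample of `pip-audit --format json` output with one vulnerable package
# (package name and advisory id are placeholders, not real identifiers).
SAMPLE_PIP_REPORT = json.dumps({
    "dependencies": [
        {"name": "requests", "version": "2.31.0", "vulns": []},
        {"name": "examplepkg", "version": "1.0.0", "vulns": [
            {"id": "EXAMPLE-0001", "fix_versions": ["1.0.1"], "aliases": [],
             "description": "constructed finding"}
        ]},
    ]
})


def npm_findings_at_or_above(report_json, threshold):
    """Return {severity: count} for npm audit counts at or above `threshold`."""
    counts = json.loads(report_json).get("metadata", {}).get("vulnerabilities", {})
    floor = SEVERITY_ORDER.index(threshold)
    return {sev: counts.get(sev, 0) for sev in SEVERITY_ORDER[floor:] if counts.get(sev, 0) > 0}


def pip_findings(report_json):
    """Return (package, version, advisory id, fix versions) for every pip-audit finding."""
    found = []
    for dep in json.loads(report_json).get("dependencies", []):
        for vuln in dep.get("vulns", []):
            found.append((dep["name"], dep["version"], vuln["id"], tuple(vuln.get("fix_versions", []))))
    return found


def audit_gate(npm_json, pip_json, threshold="high"):
    """Return (ok, reasons); ok is False when any finding should block the deploy.

    pip-audit has no severity field, so every pip-audit finding blocks; npm audit
    findings block only at or above `threshold`.
    """
    reasons = []
    for sev, n in npm_findings_at_or_above(npm_json, threshold).items():
        reasons.append(f"npm audit: {n} {sev} vulnerabilit{'y' if n == 1 else 'ies'}")
    for pkg, ver, vid, fixes in pip_findings(pip_json):
        fix = f"fix: {', '.join(fixes)}" if fixes else "no fix available"
        reasons.append(f"pip-audit: {pkg}=={ver} {vid} ({fix})")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Usage: python audit_gate.py npm-audit.json pip-audit.json
    # (generate them with `npm audit --json > npm-audit.json` and
    #  `pip-audit --format json > pip-audit.json`); with no arguments the
    # constructed samples are used.
    if len(sys.argv) == 3:
        npm_report = open(sys.argv[1]).read()
        pip_report = open(sys.argv[2]).read()
    else:
        npm_report, pip_report = SAMPLE_NPM_REPORT, SAMPLE_PIP_REPORT
    ok, reasons = audit_gate(npm_report, pip_report)
    for line in reasons:
        print(line)
    print("deploy allowed" if ok else "deploy blocked")
    sys.exit(0 if ok else 1)
```

Run in CI, the non-zero exit code is what turns a scan every one to three days into an actual control: a high or critical npm finding, or any pip-audit finding, fails the pipeline instead of only appearing in a log. The threshold is deliberately a parameter so that the same script can be stricter for production deployments than for internal tools.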

How QueueForge involves humans and the community

QueueForge does not rely solely on automated tools or AI to secure our services. We also perform manual searches for vulnerabilities, specifically before every major deployment that adds new functionality. We implement a "secure by design" concept, though it is common knowledge that this approach alone is not enough. Another key element is our public security research program, where anyone can participate. You can find it at https://queueforge.dev/security. Although we have not received a report yet, we believe this will help us in the future.

Stay up to date

If you want to stay informed about development progress, upcoming features, and announcements, you can subscribe to the newsletter. This is the easiest way to follow updates and new articles from QueueForge.
