The SaaS CTO Security Checklist

Today we are really excited to launch The SaaS CTO Security Checklist.

The idea for the SaaS CTO Security Checklist came after talking to tens of startup CTOs. Most CTOs today have a software engineering background but have only limited knowledge about securing applications at scale. The goal of this checklist is to provide a basic go-to resource to solve that issue. This is a checklist that all SaaS CTOs (and anyone else) can use to harden their security. Security shouldn’t feel like a chore.

The checklist introduces several categories of topics:

  • Your Company
  • Your Employees
  • Your Infrastructure
  • Your Code
  • Your Application
  • Your Product Users

We differentiated the items by company stage to give a level of importance to every topic.

Here is a selection of some of the topics we cover:

  • Have an internal security policy
  • Restrict internal services by IP addresses
  • Protect your application from DDoS attacks
  • Enforce a secure code review checklist
  • Use a Static Security Code Analysis tools
  • Use a real-time protection service
  • etc.

This list is far from exhaustive, incomplete by nature since the security you need depends on your assets.

Feel free to share your thoughts and contribute to the Github repository.