Hacker News: glimow's comments

Sure, we count Developers who committed to the API repository in the last three months.

Hope that makes it more clear!


I'm lost. Does the "count" thing also go for REST security scans (that are integrated with Postman or manually import the API schemas), or is it only if the inventories are integrated with GitHub?


Sure, Escape and Akita are quite different:

1) Escape is primarily for Security Engineers, Akita is more for developers.

2) Escape discovers APIs with external scans, Akita discovers APIs by observing live traffic.

3) Escape is a proactive security tool that finds issues before production, Akita is a monitoring tool that detects errors in live traffic.


Hey there, so py-multiauth is a great project that we love, but it didn't get enough attention from the community for us to afford to maintain it outside of our main codebase.

Since then, we have completely revamped it to create py-multiauth v2, which supports basically all forms of authentication, as you can see in the docs: https://docs.escape.tech/authentication/

py-multiauth v2 is not open source for now, but our eng team might be ok with open sourcing it if there is interest from the community.


Thank you! Hope you will like it


Thank you for the positive vibes.

We try to make our product as straightforward as possible. It's a long journey for such a technical topic, but it gets better every day.

And we listen to feedback. I’ll take a look at Azure Marketplace.


The "Launch HN" posts, like this one, follow quite standard community guidelines that include having a detailed description of how the product works, to bring value to technical people in the HN community.

Of course, for investors, we would have written things differently, but we are not looking to raise money at the moment.

Hope that makes it more clear!


It was the several paragraphs of history and background I didn't get past, instead of just cutting right to the value prop and how it works.


Hello, although we know HN's rules, some of our users don't. They just tried to help without telling us.

I guess we can be proud that they are our users and wanted to help. There was no intent to break HN's rules. We apologize for that happening, and we have told them about the rules so it doesn't happen again.


Hello motoxpro, the pricing page is accessible inside the product during the free trial.

Although, by nature, the security market is mostly enterprise, we do have plans for startups and SMBs as well. Happy to have your feedback on our pricing btw, it's always something hard to get right.


Thanks! Is that something that you would ever consider putting on the main site, or adding some hints to show that that is possible once you sign up? Or maybe that you could share here?

I understand the potential market, however, as a startup, I probably wouldn't (and won't) sign up because I have been burned too many times when companies pivot to enterprise pricing only (i.e. Hasura) and it doesn't give me much confidence there would be a reason for you to continue supporting those plans since it's not the focus of the company based on not even having pricing on the home page.

Not a critique, just some feedback :)


Hello btown, you are indeed raising legitimate questions here.

You are right in the sense that using automated security testing tools in production creates a risk. But there are workarounds:

1) Most of Escape's security scans happen on staging or pre-prod environments, where there is little risk of breaking something critical or finding real customer data.

2) We have designed a specific scan mode for production APIs that is made with safety in mind. It will not attempt the riskiest attack scenarios and thus will be safe for production use, at the cost of scanning depth.

You can choose a scan mode when adding a new application for testing in Escape. So far, most of our users use both modes, one for the production environment and one for the development environment, to spot bugs early.

No user ever had problems with the production scanning mode.

By the way, the core algorithm powering Escape is more a graph traversal algorithm than LLMs. We do use a small, self-hosted LLM for specific inference tasks, but everything is made in-house, and we don't use OpenAI or any other inference API.

Hope that helps!


> It will not attempt the riskiest attack scenarios

What does that mean exactly?

Do you manually assess what is risky for a particular API, or is it up to the system to choose?

If it's up to it, what happens if it thinks that's not risky to delete user data?


We created specific safeguards for production mode; for instance, Escape doesn't launch any DELETE requests in prod mode.

You can also manually configure an allowlist/blocklist of operations for specific use cases.
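The two comments above describe a production scan mode that never sends DELETE requests and a user-configured allowlist/blocklist of operations. The following is an added example that illustrates how such a request-level safeguard can be structured; it is not Escape's code, and the `ScanMode`, `ScanPolicy`, `filter_operations` names and the "METHOD /path" operation convention are assumptions made for this illustration. The sample operation inventory is constructed.

```python
"""Added example (not Escape's code): a request-level safeguard for a
production scan mode, modelled on the behaviour described in the thread:
no DELETE requests in production mode, plus a user-configured
allowlist/blocklist of operations. All names here are hypothetical."""
from dataclasses import dataclass, field
from enum import Enum


class ScanMode(Enum):
    DEVELOPMENT = "development"   # full depth, meant for staging/pre-prod
    PRODUCTION = "production"     # safety first, reduced depth


@dataclass
class ScanPolicy:
    mode: ScanMode
    # Operations are identified as "METHOD /path" (constructed convention).
    allowlist: set[str] = field(default_factory=set)
    blocklist: set[str] = field(default_factory=set)
    # Methods production mode refuses outright; the thread names DELETE.
    prod_forbidden_methods: frozenset[str] = frozenset({"DELETE"})

    def decide(self, method: str, path: str) -> tuple[bool, str]:
        """Return (allowed, reason).

        Precedence: an explicit blocklist entry always wins; production mode
        never sends a forbidden method, even if the operation is allowlisted;
        when an allowlist is configured, only its members may be exercised."""
        verb = method.upper()
        op = f"{verb} {path}"
        if op in self.blocklist:
            return False, "operation is on the blocklist"
        if self.mode is ScanMode.PRODUCTION and verb in self.prod_forbidden_methods:
            return False, f"{verb} is never sent in production mode"
        if self.allowlist and op not in self.allowlist:
            return False, "operation is not on the allowlist"
        return True, "allowed"


def filter_operations(policy: ScanPolicy,
                      operations: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Split a candidate operation list into those the scanner may exercise
    and those it must skip, recording the reason for each skip so that the
    decision can be audited afterwards."""
    result: dict[str, list[str]] = {"allowed": [], "skipped": []}
    for method, path in operations:
        ok, reason = policy.decide(method, path)
        label = f"{method.upper()} {path}"
        if ok:
            result["allowed"].append(label)
        else:
            result["skipped"].append(f"{label}: {reason}")
    return result


# Constructed sample inventory; it does not describe any real API.
SAMPLE_OPERATIONS = [
    ("GET", "/users"),
    ("POST", "/users"),
    ("DELETE", "/users/{id}"),
    ("POST", "/admin/reindex"),
]

if __name__ == "__main__":
    prod = ScanPolicy(ScanMode.PRODUCTION, blocklist={"POST /admin/reindex"})
    outcome = filter_operations(prod, SAMPLE_OPERATIONS)
    for label in outcome["allowed"]:
        print("scan:", label)
    for line in outcome["skipped"]:
        print("skip:", line)
```

The ordering of the three checks is the design point: the hard production rule sits above the allowlist so that a misconfigured allowlist cannot re-enable a destructive method, while the blocklist sits above everything so an operator can always exclude a specific operation in either mode.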


Thank you, yes, we originally supported GraphQL only and released REST scanning support a few months ago. We plan to support all types of APIs ultimately.

