sqreen Sign Up Information

Hi Eugene,

Just wanted to send a reminder that your Sqreen trial is ending in 4 days. 

A key element of application security is understanding what suspicious actors are doing within your app. With user monitoring in Sqreen, you can identify suspicious actors and drill into their activity to determine if they represent a real threat.

To see Sqreen in action, spin it up on an application of your choice. Sqreen starts monitoring security threats automatically.

If you need more time to trial Sqreen in your environment, let me know and we’ll get you sorted.

Cheers,
Paul

Hi Eugene,

Thanks for signing up for Sqreen! I wanted to check in to see if there are any questions you have or anything I can help you with.

Sqreen’s Application Security Management platform is designed to deliver visibility and protection at the application level, making it simple and scalable to make security a fundamental part of your application.

If you want to learn more about what Sqreen can do, we created a Getting Started demo that gives you a hands-on example of how Sqreen can work for you. Check it out!

Cheers,
Paul

Hi Eugene,

We're really excited to have you on board

We built Sqreen to help security and engineering teams at companies like Rainforest, Le Monde, and Algolia scale their security painlessly, without slowing down velocity. We look forward to helping you achieve that with your team as well!

Getting started with Sqreen is easy. Just install our microagent and Sqreen starts monitoring your application automatically. We don’t redirect your traffic, and we don’t collect sensitive data. 

To fully benefit from your free trial, check out our interactive Getting Started walkthrough. Or if you’re ready to move ahead now, deploy Sqreen on your production app.

Let me know if you have any questions. I'm happy to help.

Cheers,
Paul

Hi Eugene,

We built Sqreen to fit the modern application development lifecycle. We’ve focused a lot on making it easy to deploy and developed it to work asynchronously with your application, which means virtually zero performance impact, or CPU or memory overhead. 

If you’ve run into any trouble or have any outstanding questions about setting up Sqreen, let me know. I’m happy to help.

Cheers,
Paul

Hi Eugene,

Thank you for trying out Sqreen. We hope that you were able to get an idea of what Sqreen can do for you.

Security shouldn’t be a black box. It’s something that should be democratized across security and engineering teams. We built Sqreen’s Application Security Monitoring solution in an effort to bring security into the modern world -- a platform that is scalable and that provides tangible value without slowing down development cycles. We’d love to have you join us and the 500+ other companies that trust us with their security.

If you need more time to evaluate Sqreen or don’t see quite what you’re looking for, let me know. We’d be happy to help.

Cheers,
Paul

Hello ,

Welcome to July!

In this newsletter, we’re happy to share some info on our new and improved alerting digests, the latest resources hot off the press, and new Sqreeners.

Keep an eye out for an improved weekly email digest 

In the past few months, Sqreen has been laser focused on improving and enhancing our alerting communication. Building upon the effort we started with the new Slack daily digest a few weeks back, we’re happy to roll out an improved email weekly report this week.

What’s new in the email digest? First of all, your weekly email digest is now about what’s going on in your organization as a whole rather than on an application-by-application basis. This should make things a lot easier to digest!

The weekly email digest includes reports on everything relevant to your environment, including the latest and greatest that we’ve released in the past few months, such as your application security risk, new organization tokens, and more.

Last, but not least: it’s now fully responsive! 

All in all, we hope that this new format will help you more easily keep an eye on what’s going on with your application security, on the go!

New resources available!

In the past month, we've brought out some new resources for you to check out: 

The Early Security Engineer’s First 90 Days Checklist, 2nd Edition

• This updated and expanded checklist provides 53+ best practices for early security engineers at scaling companies. When the first few security engineers join a company, there’s a lot that needs to be done and a lot of opportunity to get off to an impactful and fast start. With this checklist, early security engineers can get a structured approach for their onboarding to-do list.

How Triplebyte created an application security foundation with Sqreen

• This case study explores how Triplebyte went from 0 to 1 on their application security by implementing Sqreen. By implementing security monitoring and meaningful alerting without false positives, they were able to stay on top of their security before they brought on dedicated internal security experts. 

Getting security to scale: learnings from modern app sec teams

• A highlight from the Sqreen blog this month: our CTO, Jb, and some of our engineers visited the Bay Area and spent a week meeting and interviewing some of the top application security teams in the business. This post consolidates and shares what the common best practices are for top app sec teams.

Meet the new Sqreeners

The Sqreen team keeps on growing, this time in San Francisco on the sales and customer success side!

Colin (San Francisco) - SMB Account Executive 

Colin joins the Sqreen team after growing his sales career at Rainforest QA. Outside of the office, he recently spent a year in Sicily playing water polo in the Italian professional league, and loves everything that involves sports and music. He particularly loves to play music with friends, especially the blues - and occasionally can be heard waking up the neighbors with his Stratocaster! 

Mariam (San Francisco) - Product Specialist

Mariam started her career in sales when she was just 18 and decided that it was the route for her. After college, she embarked on a new journey and opened a restaurant. After experiencing the dream chef life for a while, she realized she missed the beautiful world of sales. She likes to decorate cakes and binge Netflix in her free time.

Interested in building the future of security with us? https://www.sqreen.com/company#jobs

Where are Sqreeners this month?

Sqreeners love to participate in events and visit our sister office. 

Some events Sqreeners will be attending this month include:

• Paris - Wednesday, July 26: Our lead Node.js engineer, Vladimir, will be at Paris.js #86: WebAssembly
• Paris - Thursday, July 27: Our Head of Product, Arnaud, will be presenting at Product Stories about OKRs

We'd love to connect with you if we overlap at any events!

That's all folks

The Sqreen Team

Hello ,

Hope your summer is off to a good start!

In this newsletter, we’re happy to share some news on improved alerting, more support for organization tokens, new resources, and new Sqreeners.

A brand new Slack daily digest

Many organizations use Slack to stay on top of their application security activity in Sqreen. Each day, Sqreen sends out a Slack digest of the security activity in your applications.

Today, we’re happy to release a brand new version of our Slack alerts digest. The new digest is more aligned with the state of our product today, which has evolved a lot since we released the original digest.

The notable change is that the digest is more relevant and streamlined. It’s organized around what happened in your organization at a high level rather than giving a full detailed recap on every application.

To further reduce the number of unnecessary alerts, the daily digest will only go out if there has been meaningful security activity to report (such as incidents, security weaknesses, or organization highlights).

We hope you’ll love this new, more digestible digest! Please send any feedback our way by replying to this email.

Sqreen now supports the organization token on all agents

Earlier this year, we introduced the organization token, allowing you to deploy Sqreen at scale without having to manage dozens of applications manually from your dashboard.

With the latest release, the organization token is now available on all six of our agents. You can find your default organization token here.

We also published a short guide about how to migrate from the application token to the organization token: https://docs.sqreen.com/faq/org-token-migration/

The application token remains supported for now, so there’s no rush to migrate just yet! However, we do recommend larger organizations start using it ASAP to take better advantage of Sqreen at scale.

New Resources available!

We have some new resources available for you to check out: 

• The SaaS CTO Security Checklist, 2nd Edition
  This checklist provides 55+ best practices for SaaS CTOs and engineering leaders on how to up-level their company’s security from seed stage through growth stages. A great resource for startups and scaling companies.

• Scaling security through trust and automation: why Front chose Sqreen
  This case study explores Front's needs around finding ways to automate security and built up trust, and why they decided to go with Sqreen.

Meet the new Sqreeners

The Sqreen team keeps on growing, this time in both San Francisco and Paris!

Fanette (San Francisco) - Head of Demand Generation 

Baking utm cookies and pie-charts for the past 15 years, Fanette come from Algolia and Docker, were she helped grow their demand generation functions. She defines herself as a "full stack marketer" and is pretty passionate when it comes to security in the marketing stack. Outside of marketing, Fanette is a Burgundy wines expert, a comic books and video games enthusiast, and a swimming addict. 

Jim (San Francisco) - VP of Sales

Jim has focused on all thing sales (strategy, operations, support, customer success, individual contributor and leadership) over the past 17 years. Starting his career as a developer (not a great one) and in Project Management, he has a passion for working with developers and supporting their craft. He starts with Sqreen in mid-June after a successful stint at GitHub as part of the original sales leadership team that built the GitHub Sales and Customer Success organization. He looks forward to taking his passion for sales and customer success to support and learn from our customers. 

Mark (San Francisco) - Mid-market SDR

Mark joined Sqreen after realizing Sqreen’s potential to solve the many security problems companies face. Before joining Sqreen, he worked at email SaaS companies. Mark is originally from Portland, Oregon, and he enjoys politics, podcasts, and rain!

Stéphane (Paris) - PHP Agent Engineer

Stéphane loves making the most difficult things go simply with software. Interested in many topics, his software architecture, design and development experience ranges from low-level (C, embedded systems, driving hardware) to high-level (server and desktop applications, graphical user interface, C# and others) working for small and big companies. A proud father, Stéphane also loves photography and skydiving.

Interested in building the future of security with us? https://www.sqreen.com/company#jobs

Sqreeners take the stage

Sqreeners love to participate in events and visit our sister office. 

Some events Sqreeners will be attending this month include:

• Tuesday, June 11th, Paris: CTO Meetup run by Point9 at The Family, with talks from Alison, our Head of Talent, and Jb, our CTO
• Thursday, June 13th, Paris: Saastr Europa DevSec Dinner run by Jb, our CTO
• Thursday, June 13th, Paris: SRE meetup with talks from Beth, our Head of Engineering
• Tuesday, June 25th, Paris, Paris.py #20

We'd love to connect with you if we overlap at any events!

That's all folks

The Sqreen Team

Hi Eugene,

Peace of mind comes from visibility. If you can see the security status inside your application, you can proactively monitor and protect it, and free up time to work on your other priorities. Sqreen provides monitoring and blocking capabilities in real-time, leveraging the rich context available inside your application. 

This use case is an important one for Rainforest QA, for example. Check out the case study to see how they use Sqreen today.

Sqreen provides application-level visibility to security, operations, and developer teams, helping to keep everyone on the same page. Install it now to see for yourself.

Cheers,
Paul

Hello ,

Welcome to August!

In this newsletter, we have new alerting flexibility, improved displays for ATOs, updates to our Go agent, and some great resources.

You decide when you get notified

As we grow, our security coverage keeps expanding. That means there's more and more items that you can be notified about.

While we continue strengthening our signal-to-noise ratio by designing, testing and improving our heuristics, we also know that you have the best understanding about what's relevant to you.

With that in mind, we're releasing new settings enabling you to configure which alerts you want to receive over email. You can now (un)subscribe from any type of incident, for all applications.

In a future release, we'll enable you to do the same with Slack and across multiple workspaces.

Review your settings now: https://my.sqreen.com/profile/notifications

Improved display for Account Takeover timelines

A key benefit of Sqreen is the ability to investigate what's going on in your apps. Finding ways to provide more actionable information so you can do this more effectively is a driving force for us.

Timelines in incidents play a big part in helping you understand what's going on.  We've improved the Account Takeover timelines to make them more tailored to what matters by highlighting the sequence of login failures and grouping events more clearly.

See it in action in our demo app!

Sqreen for Go reach ?eta 6

The Go agent keeps moving quickly towards version 1.0. We released the 6th beta version last week, and it's available for you to try out if you're interested in joining the program.

What's new?

• Full playbook support. Learn more here.
• Security headers and Content Security Policy (CSP) protection modules support. Review them here.

The whole changelog is available on Github at https://github.com/sqreen/go-agent/releases/tag/v0.1.0-beta.6.

With the latest beta, the Go agent now enables you to:

1. Monitor your user activity and get alerts if a user get compromised (user account takeover protection).
2. Protect your business logic with Playbooks.

The next release - scheduled in September - will bring support for the In-App Web Application Firewall (WAF).

Interested in joining our Go beta program? Reply to this email to join.

Resource highlights!

In case you've missed it, here are some of the resources we've released recently:

Security interview: David Scrobonia on making security practical at Segment

• A highlight from the Sqreen blog: last month, we sat down with David Scrobonia, application security engineer at Segment, to talk security. This post consolidates and shares the key takeaways of that discussion and what David shared about how he approaches security.

The PHP security checklist

• This checklist provides 43+ best practices for making your PHP applications more secure. The best practices shared here are practical tips that PHP developers can follow to improve the security of their code and infrastructure. 

Fixing a critical issue: a journey into Ruby web server startup sequences, part one

• Long read alert! In this two part blog post, our Ruby agent engineer Loic shares the full story of how the team dove deep into Ruby web server startup sequences to fix a critical issue. 

That's all folks

The Sqreen Team

Hello ,

Welcome to Autumn!

After a great and restful holidays ?????, our team is back to work and developing some exciting new advances. Stay tuned, as we have A LOT to announce at the end of the month!

In this newsletter, we’re happy to share some news on dashboard improvements, integration testing, new resources, and new Sqreeners.

A brand new way to test your webhook integration

For quite a while, we've offered a way to subscribe to important updates in a programmatic way via webhooks. This integration alerts your system whenever Sqreen detects major incidents (such as account takeovers or new vulnerabilities) or new attacks. You can learn more about webhooks in our docs.

While we're constantly striving to make the integration as smooth as possible, being able to test things end-to-end easily is a must have.

With end-to-end testing in mind, we just rolled out a new means of webhook integration testing: you can now receive payloads, filled in using sample data from your account, and observe how your application reacts to them, ensuring that everything ties together properly in a snap. Also, you can test that the payload signature checks is working as expected.

An easier way to review how Sqreen protects your app

Sqreen offers multiple layers of protection, which, when enabled altogether on your applications, provide strong coverage against the most critical vulnerabilities.

Moving forward, you can leverage new filters to review how each protection is interacting with your app and the malicious traffic that it's exposed to.

Resource highlights

In case you've missed it, here are some of the resources we've released recently:

New article: France's hottest startups of 2019

• Sqreen was honored to be named as one of Wired Magazine's 2019 hottest startups in Paris. Check out the other honorees on the list.

New video: Sqreen's story

• If you've ever been curious about Sqreen's history or mission, or how everything works today, check out this video!

New learning center: Sqreen's web application security learning center

• Have questions about security tools and topics? We just launched a new learning center to answer common questions about web application security, from "what is the OWASP Top 10" to "the pros and cons of RASP". Check it out!

New case study: How FreeAgent prevented 33 major attacks last year with Sqreen

• We're happy to share a new case study with accounting software company FreeAgent. In this case study, FreeAgent shares the security goals they set out to solve, how and why they chose Sqreen, and some of the results they've seen.

Meet the new Sqreeners

Sqreen welcomes a new Sqreener in San Francisco on the customer success side this month!

Jason Lewis (SF) — Account Manager
Jason brings several years of security experience with him from Duo Security. His focus is to always add value in any teammate or customer interaction. When he’s not evangelizing better security, he enjoys playing golf, finding new foods to try, and spending time with his wife and Samoyed pup, Nobue.

Where are the Sqreeners this month?

B2B Rocks Paris, September 12th: our CTO, Jb, will be on a panel discussing "How to shape the most reliable and secure tech in 2019"

The Family (Paris), September 16th: our CTO, Jb, will be presenting on how to onboard developers 

Global AppSec Amsterdam, September 27th: Our Head of People, Alison, will be presenting on Unlikely allies: how HR can help build a security-first culture

Paris-Versailles, September 29th: several Sqreeners will be running the course!

That's all folks

The Sqreen Team

Hello ,

Happy October!

In this newsletter, we’re happy to introduce some big new features: In-App WAF and App Inventory, and share some new resources.

Introducing In-App WAF

Security is made stronger with multiple layers of protection. To continue up-leveling your ability to protect your applications, we’re introducing In-App WAF. Sqreen’s In-App web application firewall (WAF) leverages your full application context to deliver an out-of-the-box, cloud-native WAF that’s fail-safe, has limited false positives, and doesn’t require heavy fine-tuning or maintenance.

Sqreen is able to offer a WAF with these benefits because of where it’s deployed. By sitting inside your app, Sqreen knows your stack and only picks the rules tailored for your app. If you have a Ruby app using MongoDB, you don’t need to enable SQL injections rules for PHP, for example. By default, Sqreen only enables rules with a low false positive rates by verifying false positive rates of all rules across our global network of applications.

By combining our RASP & the new In-App WAF, you can ensure that you have security in depth.

The In-App WAF is available now with custom rules and expanded coverage. Update your Sqreen agent to the latest version to check it out!

Introducing App Inventory

Adding more levels of protection is essential, but how can you secure what you can’t see? A major challenge with protecting applications is a basic one: what applications do you even have out there, and what are they composed of? With security teams often severely outnumbered by engineers, they struggle to get visibility into what applications are deployed, recently updated, or accessible to outside users.

Sqreen’s Application Inventory is an always up-to-date, searchable source of truth of application assets. It centralizes in-app security insights collected from the Sqreen microagents deployed on your apps to catalog the key application components (such as third-party libraries, frameworks, ORMs, templating engines, and more) that provide actionable insights into applications.

Security teams get deeper visibility and control, and can stay on top of new threats with customizable real-time alerting without becoming gatekeepers or having to slow down engineers.

Resource highlights

In case you've missed it, here are some of the resources we've released recently:

Recent webinar! Beyond the HTTP layer: getting full visibility into your applications

• On October 10th, our CTO and co-founder, JB, discussed how security teams can get more visibility into their applications and improve collaboration with developers by leveraging context rich in-application data. Check it out on-demand!

New report: Security Grader

• Curious how your security stacks up? Take the Security Grader quiz to get a report on your security capabilities and how they compare to benchmarks.

New learning center: Sqreen's web application security learning center

• Have questions about security tools and topics? We just launched a new learning center to answer common questions about web application security, from "what is the OWASP Top 10" to "the pros and cons of RASP". Check it out!

Featured blog post: Security in depth: Introducing In-App WAF and App Inventory

• This recent post on the Sqreen blog covers Demo Day and the new feature announcements in more depth. 

Where are the Sqreeners this month?

Our CTO, Jb, and security engineer, Cedric, will be in SF the week of October 21st. They're always happy to meet with Sqreen users, so let us know if you'd like to meet with them while they're here!

That's all folks

The Sqreen Team

Hello ,

2019 was an exciting year for Sqreen: we nearly tripled our team size, doubled our customer base, opened new offices, and launched many new features and improvements.

Here's to a more amazing 2020

But first, let's share some of the latest product and company updates.

Product updates

A more straightforward way to manage your protection

Sqreen's application security platform is growing. With the addition of new security features, we wanted to offer more fine-grained protection options.

We removed the global Protection Mode and added configuration options on every security module.

So what does this mean? Most protection modules can now be set in a blocking or log-only mode. Learn more about this release

On top of that, we've also improved the overall protection page layout:

Get the most out of Sqreen

Whether you're new to Sqreen or a long term customer, we want to make sure you're getting the most out of our platform.

We've released a step-by-step checklist that will walk you through our key features and show you how to configure them.

New resources available!

The DevSecOps Security Checklist, 2nd Edition

• We recently updated and expanded the DevSecOps Security Checklist. Learn how to incorporate security into your DevOps processes and build a scalable security development environment.

Security Interview: Dan Robinson and Jerry van Leeuwen on prioritizing security at Heap

• In this interview, Dan Robinson, CTO, and Jerry van Leeuwen, DPO, of Heap share how they've built security into Heap and prioritized different initiatives as Heap's grown from idea to Series C

What is a Content Security Policy (CSP) and why is it important?

• In this blog post, learn about CSPs, what the pain points are with them, and how to implement and maintain them effectively.

Meet the new Sqreeners

Our team is growing at light speed! We're happy to welcome new Sqreeners to help us on our mission to democratize security:

• Estelle Ballot | People and office coordinator | Paris
• Anaëlle Zouari | Backend Engineer | Paris
• David Chao | VP of Marketing | SF
• Baptiste Emmanuel | Backend Engineer | Paris
• Nigel Guieb | Growth Marketing Manager | SF
• Arlen Oharonian | Talent Partner | Paris

Looking to meet the rest of the team or joining us? Visit our company page.

Where are the Sqreeners this month?

• San Francisco: Arnaud, our Head of Product, is in SF until December 11th. Interested in sharing feedback or just talk App Security? Let's get a coffee ?
• Node+JS Interactive - Montreal: Vladimir, our Node.js agent lead, will give a talk about an experimental feature of Node.js. In Montreal too? Ping him on Twitter!
• API Days - Paris: Jb, Co-founder and CTO of Sqreen, will talk about "RASP for APIs and Microservices" at API Days on December 10th.

If you have any questions or feedback about all of this, just reply to this email!

That's all folks

The Sqreen Team

Hello ,

On behalf of the entire Sqreen team, we wish you a happy new year! We had a fantastic year in 2019 and have even greater things planned for 2020. Needless to say that we are hiring.

In this newsletter, we’re introducing a couple of great improvements to the In-App WAF, the Application Inventory and our webhooks.

Product updates

The In-App WAF is live for all new apps!

The Sqreen In-App WAF, which we released a few months ago, is our approach to provide you with a Web Application Firewall (WAF) that lives within your app to lower the maintenance and false positives.

Today, we’re happy to announce that our In-App WAF is available in all six of our agents. When deploying a new application with Sqreen, the In-App WAF will be automatically configured based on the application’s stack. 

By default, it runs in Log-only mode, enabling you to review how it behaves with your production traffic. From there, you’ll be able to set it to Blocking mode.

In a couple of weeks, we’ll release configuration presets to ease the deployment of the In-App WAF on existing applications.

A new way to explore the App Inventory

A few months ago, we introduced the App Inventory, an out-of-the-box and always-up-to-date source of truth for application assets. Security teams get deeper visibility and control and can stay on top of new threats without becoming gatekeepers or having to slow down engineers.

Today, we are adding an easier way to search it with filters.

The new default search makes it easy to compose your search by combining filters. You can switch to advanced search anytime. 

Webhooks 2.0 are here

Sqreen’s webhooks provide a simple and extensible way to react to incidents and security events.

We’ve listened to your feedback, and are excited to launch the 2.0 version of our webhooks.

The major improvement are:

• Incident updates are now sent through webhook. Version 1 only broadcasted when the incident was first detected.
• ATO incident payloads feature the compromised accounts.
• Payloads now include the number of retries and date when it was sent.

The new documentation is available here.

If you get started with webhooks today, you'll automatically use version 2.

Otherwise, you can switch versions from your account settings.

Reduced risks when blocking critical IPs

You can use Sqreen to block malicious IPs performing attacks or triggering a playbook. In order to reduce the risk of blocking legitimate traffic, we’ve added a new global setting that won’t block “critical” IPs.

A "critical" IP is a private IP, or an IP coming from a load balancer of a large cloud provider.

This setting can be changed at any time from your application settings.

New resources available!

Sqreen Quick Start Guide

• This guide helps you get started with Sqreen. It shows how easy it is to install Sqreen, and gives some online guidance for properly setting up Sqreen, so you can go from signup to up and running quickly.

How to manage security debt as a startup

• In this post, we discuss the concept of security debt, and share some best practices for getting ahead of it for startups.

Top 6 security best practices for Go

• In this blog post, we cover some top security best practices for Go. The post includes examples of how to implement the best practices as well.

APIDays 2019: RASP for APIs and microservices

• Our CTO Jb recaps his talk from APIDays Paris. He discusses microservices, how their security needs are different, and how RASP can help. It's a fantastic breakdown of microservices and how to protect them.

Meet the new Sqreeners

This month again, we're happy to welcome new Sqreeners to help us on our mission to democratize security:

• Guillaume Daix | Engineering Manager | Paris
• Jennifer Kim | Talent Partner | SF
• Hiroki Saotome | Head of WW Commercial Sales | SF
• Mike Ferrari | Enterprise Strategy | SF
• Anil Mahtani | PHP Agent Engineer | Edinburgh

Where are the Sqreeners this month?

Sqreen is a Gold sponsor at AppSec California in Santa Monica, CA later this month. Attending the conference? Make sure you pass by our booth!

Next month we will be sponsoring BSides in San Francisco. Stay tuned!

As always, we'd love to get your feedback on these updates.

That's all folks

The Sqreen Team

Hello ,

It's been a busy month at Sqreen. We were at BSides SF, our co-founder and CTO Jb pitched Sqreen at the RSA Innovation Sandbox, and we hosted demo days in San Francisco and Paris. On top of all of that, we released some amazing product updates, including a public release for Go, an IAST private beta and more!?

Product Updates

Introducing Sqreen for Go: the first Runtime Application Self-Protection (RASP) for Go

We're very excited to announce the public release of our Sqreen Go agent. It's the first real Runtime Application Self-Protection (RASP) for Go in the market!

Building a dynamic instrumentation agent for a statically typed, compiled programming language like Go wasn't always as straightforward as for the other languages Sqreen supports.

Check out our blog to get down to the nitty-gritty of how the Sqreen agent was built and the value it provides.

Sqreen's Interactive Application Security Testing (IAST)

We're also excited to release a private beta version of Sqreen's Interactive Application Security Testing (IAST) ?solution. This capability enables users to uncover critical vulnerabilities without generating false positives.

It's available for Node.js today, and more technologies will be supported in the coming months.

We're looking for design partners that can help us build out our IAST offering. Let us know if you're interested!

In-app WAF presets

We made it even easier to manage your Web Application Firewall at scale. Sqreen will now offer different presets that you can select from your In-App WAF configuration page:

• A recommended preset that is based on your application's stack and enables rules that were battle-tested by the Sqreen team. This preset minimizes the number of false positives.
• A strict preset based on your application's stack, but that enables patterns that might have a higher false-positive rate. This can provide good insights into the early stages of an attack, but we don't recommend using this in a blocking mode.
• Finally, a full manual preset that allows you to configure the rules for your application manually. ?

Don't forget to update your Sqreen agent to benefit from the full-fledged In-App WAF.

New RASP protection rules

We're continuously improving our protection platform, and we're excited to announce that Sqreen's RASP is now able to prevent the execution of a few new categories of vulnerabilities:

• Code injections for PHP and Java
• Server-Side Request Forgery (SSRF) in Node.js and Python

The new protection overview

The new protection overview gives you an overview of all the covered attacks. This a great way to see how your application is protected, and how that protection can be improved.

New resources available!

The Startup''s Guide to Application Security

• In this whitepaper, learn how to approach and prioritize application security in the different phases of a startup''s growth, and what the primary use cases are for securing applications.

How to run security testing sessions

• In this blog post, we share an overview of security testing sessions, and some best principles and approaches to running beneficial sessions yourself.

Top 10 Python security best practices

• In this blog post, we discuss some top security best practices for Python, and how devs and engineering leaders can leverage them to protect their Python apps and make them more secure.?

Serverless JWT authentication with Netlify and Zeit

• Serverless authentication isn''t straightforward for personal projects. API Gateway can be unwieldy, so in this post, we take a look at other options.

Achieving SOC 2 Compliance with Sqreen

• In this case study, productboard shares the story of the challenges they solve with Sqreen and how Sqreen has helped them achieve SOC 2 compliance

Deploy Sqreen in production and get a free T-shirt

Haven't deployed Sqreen in your production app just yet? Try it out today and get a free t-shirt (It glows in the dark!). It only takes a few minutes to get up and running. When you deploy to production, let us know, and we''ll follow up to get you your shirt. Already deployed in production and interested in some SWAG? Hit us up!?

As always, we''d love to get your feedback on these updates.

That''s all folks ,

The Sqreen Team