...yeah... I don't think those words mean what you think they mean...

Not really much different than a user buying dankstartup.net, setting up a catch-all email, observing what comes in, and performing password resets for those accounts, allowing for account takeovers.

Calling it a vuln in oauth may be a bit hyperbolic, but Google could help prevent it.

Just passed one of these and thought to myself, huh, that's pretty neat, only to come home to see this post.

Legitimate domain name investors are typically investing in generic words, brandables, or exact search term match domains.

I used to get mad about domain investors having every name I wanted to use for a project, until someone analogized it to real estate investing. Everybody would open their store on Fifth Ave. in New York City if they could afford it. Unfortunately, storefronts there are very limited. This is basically what generic, one-word .com domains are (frequent sales of $1M+). Domain names are just digital real estate.

Also, Stellar USDC support was already slated for February.

We'll be building it at: https://secquity.com or if anyone has any specific questions, feel free to reach out at info@secquity.com

Besides that, there are a ton of great online courses such as PWK/OSCP, and labs (HacktheBox).

I, too, can use Shodan.

I'd say "any suggested alternatives" as well, but I think I can just read the other comments. :)

I'm loving this trend of services to save me money (Paribus is one other example that I love). However, I too am concerned about handing financial information over to a third party. I'd love to hear the business model.

I saw the StealthWorker table at Shmoocon and wanted to swing by and ask some questions, but I got distracted by some of the other goings-on. Anyways, I finally got around to signing up a few days ago.

One issue that I have from the pentester's point of view is the lack of transparency after sign up. I haven't seen any confirmation that my application was received and is under review. However, I understand that StealthWorker is still in its infancy so this is understandable.

Excited to see what the future of StealthWorker holds!

You'll find that startups between seed funding and Series A are most likely to care about security. They have the funding to pay external firms for audits but they won't want to invest in a full-time security team just yet. After that, if they eventually get to "enterprise" level they'll care more about security and have both an in-house team and external reviews.

I figured this was the case. Pre-seed startups are too concerned with getting something to market and most who raise (and have something worth owning equity in) would have the funds to outsource to you.

As for your proposal of equity, I would never do this. Frankly, security services are closer to insurance than they are to building positive value. I have interacted with many startup founders, and most would not take an equity proposal like that for this reason. There are several obstacles.

The equity for security question was mostly hypothetical to get a better understanding for how security is valued among early employees. When I read the title of Jason's article, "It’s Time For You To Make Security a Core Feature — Not a Tax" all I could think of is what a hard sell that would be to both founders and customers, and you confirmed my assumptions. I completely agree that the business model is not sustainable.

Thanks again!