How should I develop this site?

[ApeXX]

Well I am currently working on a project called "Defense X". A good friend of mine and co-worker recently purchased website/forum security auditing software. We are creating a website that will be allow webmasters to apply for a web server security audit, we will apply tests on their servers (to test for exploits and such) and then email them the feedback. Large companies are currently charging website audits at $XXX range, when we could do it for so much cheaper. (We need to get out of the red though, the software put us $450 below). Here is where we need advice!

Should we:

a) Set it up as a free auditing system. We rely on donations and sponsers. As far as I know there are currently no websites that have a system like this, so we would have to hope that we attract a very large amount of users to make a lot of advertising appeal.

b) Set it up as a paid auditing service. You pay us $XX to run hundreds of security tests on your site, and we email you the results. We may not appeal to as large of an amount of people, compared to the free testing.


Tell me what you think!

 

[abdulmueid]

I have two ideas running in my mind.

First Idea:
I would say mash-up a) and b)... Like the free system will run X amount of tests and give you the *normal* reports. The paid auditing service will run all the test and give you an advanced result with advice on where to improve.

Second Idea:
Have a free service for personal websites and blogs, have a paid one for business sites (webhosts, shopping carts, small business, etc). And ofcourse ask for donation from the free customers.

 

[ApeXX]

Hmm, I really like that. What would you think of this:

You get 1 trial audit for each of your websites. - Free

or You can sign up for a package and get audits once every week as you add more content and such, and it costs something like $30 a month?

 

[abdulmueid]

1 Trial audit sounds OK but then the sites that are just adding content and not changing the core/backend will just get it checked once and never again.

Monthly subscription sounds good but that would only work for the sites that are constantly growing i.e. adding new features, modules, etc. or sites that are super paranoid about hackers etc. You could charge them $30 per month, test the website 5 times on random days, make a report comparing the results and send it.

 

[ApeXX]

Or this, I like it more:

For free it will say something like "4 Vulnerabilities Found". You have to buy the testing report to see all the details and how to fix it. -- Similar to how VIN reports work for used cars.

Abdulmueid I assume your a webmaster yourself, would you be willing to pay $10 to have all of your sites completely scanned for any known vulnerabilities, exploits, broken links, etc.? -- I'm not trying to sell you the service, I'm just curious if it is a thing webmasters would be interested in.

 

[abdulmueid]

If there is a script that I have created which I am planning to use personally or sell it to others... sure I would like to have a service like this to ensure safety. And yeah, I would pay the $10 too.

 

[ApeXX]

If there is a script that I have created which I am planning to use personally or sell it to others... sure I would like to have a service like this to ensure safety. And yeah, I would pay the $10 too.

Alright, thanks for all the help. +Rep!


Anyone else have any ideas?

 

[DotUSDomains]

I think if you are able to offer the service of fixing the problems (for a fee ofcourse) it would be better.

You know if i wanted the service and paid for it then you sent an email with a report saying my site is not secure i'd rather go with your company fixing it than going somewhere else.

Well im sure theres more people who dont know how to fix security issues than there are people who do.

And definetly a good idea offering the 1 month/try for free.

 

[ApeXX]

So we would tell the clients the specific problems and offer a standard fee to fix them? How would this work with a one month trial?

Most people with static webpages would just use it once and never again. I still need to make some sort of revenue off of them.