What do you do when you just increased security in your app? You make it even better!

Introducing Trackman Up, a monthly service that adapts your Rails application security to the future.
Focus on the long-term success of your application and dev team.
 
Improving security takes time, big changes are expensive
Wouldn't it be great if security could simply be downloaded, like one of those antivirus programs? In reality, you know that security takes time: keeping up with new types of attacks and with Rails or gem vulnerabilities, and fixing security problems that your own team found.
 

And that’s only to keep up. There’s no time left to think about strategies or implement that useful security feature you read about or saw in ThatApp(TM). But would that addition really be worth the investment?

Imagine never having another security headache again...
Security has many facets:
  • Learning so we don’t introduce new vulnerabilities
  • Keeping up with new attacks and Rails, gem and software security
  • Being prepared for the worst case
  • Knowing what people do in the app
  • Hardening security with modern means

But where to start? Where are the current weak points? What’s most important and how do you measure its effectiveness? Wouldn’t it be great if these things sort of took care of themselves? At least to some extent?

 

I want to be your external CSO

 

Together we’ll improve all the different aspects of security, month by month. Realistically, you’re in the middle of something right now and more big todo items are the last thing you need. I’ll make it as easy as possible for you to increase security according to your vision.

 

Who is this for?

 

You’ve already spent a lot of time on security, and you’re pretty confident it’s not all that bad. The automatic security test tool reports no significant problems anymore. Everything works and you could do this all by yourself, so why do you need someone else? Because you and your team discuss, learn about, keep up with and test security a couple of times a year. Buying this service could step that up to monthly and make it a high priority while not interfering with business as usual.

 

I’m looking for people who are interested in the long-term success of their web application, and for whom security is part of that. I’ll keep up with security for you, propose changes that you can potentially make, and provide code, guides, and advice so that you can make informed decisions. We’ll launch the changes with your team, and I’ll write up reports and open a Rails security learning center for your team.

 

But who are you?

I’m Heiko Webers, a developer and writer from Germany, working with Rails security since 2007. I’m also running a small business and SaaS application, just like you, so I generally understand the challenges and possibilities.

Do you know your stuff?

I wrote the original version of the official Rails security guide, started the Rails Security Project and wrote another book in 2015: Rails security strategy. I've previously conducted numerous Rails security audits for many well-known Rails applications. And you’ll benefit from that experience as well.

This is not the typical consulting offer: it’s aimed at long-term success, and you and your team can keep all the knowledge you acquire during this project. Security audits give you an overview of where the weak points are right now. But I know that the job isn’t done with a report, so I’m making myself available to deliver the best possible result at a far lower price point than my usual day rate.

 

What will you get

  • I’ll spend in total 1 day every month keeping up and improving security for you. There’ll be something to do for your dev team every month, but I’ll provide you with code, give you exact guides and will help to implement it where I can.
  • A welcome pack with quick wins for your web application. Here's an example.
  • Access to your own security incident logging server with root access, if you’d like. With minimal effort, we’ll be able to visualize what kind of security-relevant events happen on your platform.
  • Your personal security dashboard with reports and results for every month. I’ll add an example report soon.
  • Access to a learning center for your development team with lessons that build upon their existing knowledge.

Frequently Asked Questions

I've a question about this!

Please send me an e-mail at [email protected]

This isn’t for everyone
This is for you if any of this sounds like you:
  • You’re a small to mid-sized self-funded (or otherwise sustainable) business.
  • You’re interested in the long-term success of your web application.
  • You make changes quickly. I'll work best if I get access to the code. It doesn’t have to be right from the beginning, but it will give you fewer things to worry about. We can set up an NDA if you like.
If you own a bigger business, I assume you already have someone on staff to take care of this.
 

Copyright © 2016 bauland42, Heiko Webers

Trackman Up

Heiko Webers

PS: Not ready for this? I'm also offering a free newsletter about Rails security strategies and another one about Rails and web security news.