FAQ
TEAM
The team consists of experienced ethical hackers and programmers who have worked for the government, police and secret services. Founded by two security experts, it incorporates 3 other experienced professionals, 4 advisors, and various famous mentors.
What is the nationality of each team member?
Andrea - Italian, Francesco - Italian
Interest, expertise and experience in cybersecurity
Our core competencies are Ethical Hacking, IT security, Vulnerability Assessment and Penetration Testing. We have worked in these areas for many years and have gained extensive experience in this field. Our CEO, Andrea Bodei, has worked for more than 10 years in System, Network, Web and Mobile App Penetration Testing, Ethical Hacking, Vulnerability Assessment, PCI-DSS and Security Audit. He worked as Team Leader of Telecom Italia's Tiger Team and as Information Security Crime Investigator/Forensics expert for police and corporations, has previous experience in Fraud Management, and possesses extensive knowledge of intelligence and investigation principles and methods, custom virus writing, microspy search and data logging, and wiretap and data logging for police and governmental consulting.
How long have the founders known one another and how did you meet?
We were friends for more than 10 years and then started working together in Spain.
PROBLEM AND SOLUTION
What problem/need are you trying to solve?
Vulnerability Assessment is obligatory for millions of companies to comply with security standards like PCI-DSS, Basilea, ISO, etc., but there are only a few software products on the market to perform it.
What is the solution you're proposing?
Customers are forced to do a Vulnerability Assessment to comply with some standards. To do that, they can ask a security company that will run a Vulnerability Scanner in their infrastructure, or they can buy a Vulnerability Scanner themselves. We have a Vulnerability Scanner (there are only 4 decent ones in the entire market). It focuses on the problem of network vulnerabilities: servers, computers, network appliances, etc. INFRA is intended to improve the security of the infrastructure of an internal network (LAN) or an external one (Internet), focusing on prevention as the principal mechanism to ensure the safety of our customers. The scanner simulates a malicious user attacking and probing to see results which are not part of the set of expected results. It is capable of scanning HTML, XML, ASP, ASPX, .NET, JAVA, JS, JSP, PHP, Python, Ruby, AJAX, Flash, SOAP or any other web application, with and without authentication (either with unknown credentials configured by the user) and double authentication (CAPTCHA, ReCAPTCHA, Google Authenticator, SSO, etc.).
Why did you pick this idea to work on? Do you have domain expertise in this area? How do you know people need what you're making?
I'm an Ethical Hacker; this is the software all ethical hackers would want, so I've created it.
How long have you been working and how many lines of code (if applicable) have you written?
Around 20 megabytes of source code and 1 gigabyte of binaries with libraries.
CUSTOMERS
Briefly tell us what your product does.
A platform to automate Vulnerability Assessment, that is, the action of verifying all vulnerabilities in a network. VAs are obligatory for millions of companies, but tools only partially do the job and analysts are normally required; we automate it all.
Who are your target customers and/or users?
Enterprises with a security team. That means all Banks, Telcos, ISPs, Internet Companies. We offer our help to all of those large enterprises, government institutions, banks and security companies that are obliged to comply with security standards. There are millions of companies who would need our platform to facilitate security check processes and make them automatic. Nevertheless, there are only 5 players on the market offering similar, but not so complete and profound, solutions.
What is the problem you are solving?
We find the vulnerabilities of your network before the hackers do. We do it all automatically, so you don't need external consultancy. Vulnerability Assessment is obligatory for millions of companies to comply with security standards like PCI-DSS, Basilea, ISO900x, ISO700x, etc., but there are only a few software products on the market to perform it.
PRODUCT/SERVICE
Describe your business idea/product in a sentence
INFRA is a series of platforms that automatically analyze networks, servers, appliances and websites to detect vulnerabilities and report solutions.
What is your company building?
Appliances for security monitoring and automated Vulnerability Assessment.
Why did you pick this idea to work on? Tell us about any specific domain expertise or experience your team has in this area
We work as penetration testers, and in our daily job we needed similar software, so we developed it.
What's new about what you're making? How do you see it advancing cybersecurity?
Our scanner finds more vulnerabilities than the competitors, it is user-friendly and available in many languages. Our core competencies are Ethical Hacking, IT security, Vulnerability Assessment and Penetration Testing. We have worked in these areas for many years and have gained extensive experience in this field. Our CEO, Andrea Bodei, has worked for more than 10 years in System, Network, Web and Mobile App Penetration Testing, Ethical Hacking, Vulnerability Assessment, PCI-DSS and Security Audit. He worked as Team Leader of Telecom Italia's Tiger Team and as Information Security Crime Investigator/Forensics expert for police and corporations, has previous experience in Fraud Management, and possesses extensive knowledge of intelligence and investigation principles and methods, custom virus writing, microspy search and data logging, and wiretap and data logging for police and governmental consulting.
How do you know people or businesses want what you're making? What have you done to test your assumptions?
Because we would be the first clients of this product. Anyway, all the companies we are proposing it to are enthusiastic; I think that those who try it will buy it, as it's very useful.
What do you understand about your business that other companies in it just don't get?
Other security companies sell consultancy. They use a product like ours and give consulting, but consultancy is not scalable (the more activities they have, the more resources they require), while selling the product is totally scalable (with software, the cost of selling 1 million licences is not really much more than selling only 1 licence, at least considering only the cost of producing the product).