we are getting closer here - does anyone have a license for unlimited pentest scans that can be triggered against a host? commercial product, we are not so much interested in the application testing, the point here is more towards the infrastructure (the Linux running below the SaaS).
We use Acunetix for the application alone and our license is pretty limited and we now found out we cannot point our scans to a different host than the one we purchased the license for.
if anyone here is ok to help we would greatly appreciate it
Pen test or vulnerability scanning? The latter may give you the result you want, and there’s a free option (running an OpenVAS VM) and a paid option in AWS (AWS Inspector).
I might be able to help. If you need a vuln scan, I have access to a Rapid7 Nexpose that I use to scan some of our external vendors (with their approval, of course), from a basic scan to a full scan with credentials. If that is what you need, I'll check for the forms. Depending on where the system is hosted, they might have some authorisation forms to complete as well.
This solution will definitely be interesting for my organization. As of now we will put Eramba in a container in GCP. Please consider integration with major IDaaS such as Okta. Whoever uses SaaS, IaaS and such typically uses IDaaS.
Community users will be the first to test the service (for free) during two months starting in August until October, if during that timeline nothing tragic happens we will roll out the service publicly. From that point in time the service must be paid (in the range of EUR 100 / Month) to be used (TC will be available later on).
Since during these two months anything could happen (downtime, data loss, etc.) we cannot guarantee anything (the good and the ugly). We basically take no liability. We will take no more than 10 users for trial in both regions (Europe and USA), so 20 maximum.
Enterprise users will be able to use the SaaS service from December, at least that is my guess right now. If community goes well, there is no reason why Enterprise wouldn’t. There won’t be a trial version in this case.
All this is a plan as we know and Tyson has taught us: everyone has a plan until they get punched in the face.
Great news! We are definitely interested in this one. Hopefully you will have a migration process if we want to go from on-prem enterprise to SaaS enterprise? What is the pipeline for the third-party report (SOC2)?
needless to say, we are delayed. again. this is due to the southern european blood around the leader of eramba and a very sunny august. we are back at it anyway.
Despite having built the technology and actually confirming through multiple beta-testers (thank you!) that it works we have decided to put a stop to this program, reasons being:
we are not comfortable hosting your data, in particular because we are mostly developers working 8-5pm. if something happens i would feel terrible and of course we could get the project into a heap of trouble.
we don't work for revenue, so we don't really need to sell more things. so why do something we don't need and that could get us in trouble?
building a community and enterprise software is not easy, diverting from that when we operate for no profit is just making us lose focus a little bit
the focus for saas was to help users install eramba, we have seen on our metrics that installs have grown almost 80% since release 2.x, this means people can install eramba for themselves a lot better than in the past. so if they can do this by themselves, our help is therefore not so relevant.
It's a shame, I had some fun coding 5k lines of code using amazon aws sdk to automate provisioning, deprovisioning, backups, upgrades, etc.
we might offer this business to some partner at some point, where it's going to be their responsibility to do this well, not ours.
So after a lot of reconsideration (many people really want this saas thing) we have resuscitated this project, we will make it available to community and enterprise users once we complete the Cake migration and release community 2020 edition
We finished the migration a month ago, we have now come up with a partnership with a local company (Labyrinth Labs) that is really good at this saas stuff and we have devised what changes are required in eramba to make this work, chiefly avoiding using files on filesystem … we build a redis functionality on eramba and we’ll soon enable s3 for attachments … once that is ready we will start testing eramba on a native saas environment
we have agreed with the partner to start the implementation in June … a few months of building and testing my guess is perhaps after the summer we might be ready for customer testing …?
we are on track! in june the infrastructure will be built by our partner, we have made the modifications on the software that were required.
in july / august we will start taking existing enterprise customers that want to move to saas … a month or so later we’ll start offering the service to new customers
pricing wise we have no idea yet, it will be as cheap as possible
This sounds great and well done
Will existing enterprise customers be allowed to test it out before migrating and will there be an option to specify the cloud storage locations (UK/EEA)?
The infra is pretty much done, we are now integrating it with our backend systems for full automation. We are also starting to understand the cost components of the solution and the cost trajectory based on the number of customers we sign up.
dockers as default install (vmware is still there)
saas pricing announced
saas technical infrastructure details announced
new release of eramba (e3.16.0) that includes the functionality we need to migrate enterprise on-premise customers to saas automatically.
we will start testing saas with those current customers that want to use the service, we’ll give them a year (or whatever their license deadline is) for free.
we need a month or two of testing before we’ll let people buy saas.