Nassec, a cybersecurity startup based in Kathmandu, on Sep 10, 2020 pre launched their first product, “ReconwithMe” a web application vulnerability scanner, for Beta testing. ReconwithMe is the first of its type product to be launched by a startup based in Nepal and can be used to find security vulnerabilities present in web applications.
Nassec specializes in vulnerability management solutions and the company has been investing in R&D to innovate the vulnerability management process since its establishment. Ajay Gautam, 21, co-founder and Head of Security at Nassec came up with the idea of the product after realizing the need to automate the web security audit process while working with clients.
“From day one our motive has been to innovate the vulnerability management process. Most of the cyber attacks happen because of unpatched vulnerabilities. We’re exploring how we could use a proactive approach to reduce cyber attacks on web applications. And one day, Ajay shared the idea of developing a security tool that could automatically detect and report security vulnerabilities to developers. We discussed the idea and found it interesting and Ajay started coding for the backend straightaway,” says Subash Gautam, co-founder and CEO of Nassec.
Ajay has more than 5 years of experience in the cyber security field as an ethical hacker. In the past, he has been recognized by tech giants such as Facebook, Microsoft, Sony and Etsy for finding bugs in their system, helping them become more secure. While everyone else was complaining about not being able to work during the lockdown, Ajay was busy coding for the backend of the product.
“I started coding for the backend in March and within four months I was able to come up with the terminal version. I was very excited to see the results. In a little over four months the terminal version of ReconwithMe was able to automatically detect basic web app security vulnerabilities such as clickjacking, XSS, SQLi, Open redirect and sensitive file disclosure,” shares Ajay.
The progress excited the creators but they were unsure of what to do next. “We were planning to take the product to the Web. We had an in-house UX/UX designer. But since we didn’t have a front-end developer in-house, we were not sure how to move ahead. We already had a bad experience outsourcing design and front-end to another company for a different product so we didn’t wish to outsource for this product,” says Subash.
For a month, the team explored the option of hiring a front end designer but didn’t find a suitable one. Srijan Katuwal, a college friend of Ajay, used to come to the office regularly. He was a front-end developer but he was working for another company. “One day, I shared with Srijan that we have not been able to find a front-end developer for the project. He listened to the idea and he instantaneously showed interest in the product,” says Ajay.
The team proposed Srijan to join the project as the front-end developer. “I liked the idea, I liked working with them, but I had commitments to another company. I had to think about the offer. If I took the offer, I would have to work 16 hours a day. Ajay somehow convinced me to take the project,” laughs Srijan.
Siddhartha Neupane had been working with Nassec as a UI/UX designer since February. With Siddhartha as the UI/UX designer, the team was now complete.
Once the formation of the team was complete, they set a target of pre launch on September 10, 2020 and full launch on December 10, 2020. “The idea behind the pre-launch is to Beta test the product, get user feedback and find the market fit. We didn’t want to release the full product at once because we want to know what the users think about the product and incorporate their feedback in the product development,” says Subash.
The final few days before the pre launch was stressful but fun, reminisces Ajay. “The final week before the launch, we worked till midnight everyday. We would solve one error and another one would appear. After the launch, when we started receiving encouraging messages all the tiredness went away.”
Ajay further adds,”This is just a beginning though. We know we have to work harder in the coming days. Along with hard work, we’ll aslo continuously try to innovate the cybersecurity industry through our product and services.”