As a first-time CTO (only tech person in the team) of an early-stage startup, I am trying to maximize the benefits from my time. Subsequently, I am spending little time on coding and more on quickly integrating solutions such as SendGrid, Twilio, Stripe, and AWS services into my system.

You would have read that recently SendGrid was hacked. Such instances make me wonder how secure my system is. Could you please offer advice on how you keep your startup web applications safe from security threats?
Pretty much in the same boat as you. The one thing I am making sure of is that anything that goes into the database is properly validated and sanitised, as mentioned by the other user. Keeping keys as environment variables rather than in the files would be another. Write lots of tests if you are not already doing so. But at the same time also keep in mind that there should be a fine balance, in my humble opinion, in putting in time to make your system secure and moving fast and getting the product out to market. Unless of course your product sells security. Cover your basics and add in more protections once you get a product-market fit.
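
The two basics named in the comment above (keys in environment variables, validated input going into the database), sketched as an added example that is not part of the original thread. The environment variable names, the `users` table and the validation rules are assumptions chosen for illustration.

```python
import os
import re
import sqlite3

# Assumed variable names; use whatever your deployment actually defines.
REQUIRED_SECRETS = ("SENDGRID_API_KEY", "STRIPE_SECRET_KEY", "TWILIO_AUTH_TOKEN")

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def load_secrets(env=os.environ):
    """Return the required secrets, refusing to start if any is missing."""
    missing = [name for name in REQUIRED_SECRETS if not env.get(name)]
    if missing:
        # Report names only, never values, so logs do not leak keys.
        raise RuntimeError("missing secrets: " + ", ".join(missing))
    return {name: env[name] for name in REQUIRED_SECRETS}


def validate_signup(email, display_name):
    """Allow-list validation: reject bad input instead of trying to repair it."""
    email = email.strip().lower()
    display_name = display_name.strip()
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email")
    if not 1 <= len(display_name) <= 64 or not display_name.isprintable():
        raise ValueError("invalid display name")
    return email, display_name


def add_user(conn, email, display_name):
    """Validate, then insert with bound parameters (no string-built SQL)."""
    email, display_name = validate_signup(email, display_name)
    conn.execute("INSERT INTO users (email, name) VALUES (?, ?)", (email, display_name))
    conn.commit()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, name TEXT NOT NULL)")
    # Constructed sample input; the second name is stored as plain text
    # because it is passed as a bound parameter, not spliced into the SQL.
    add_user(conn, " Ada@Example.com ", "Ada")
    add_user(conn, "bob@example.com", "x'); DROP TABLE users;--")
    return conn.execute("SELECT email, name FROM users ORDER BY email").fetchall()


if __name__ == "__main__":
    print(demo())
```

Calling `load_secrets()` once at startup makes a missing key fail the deploy instead of failing the first request that needs it.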