I built a website security scanner (because I kept shipping insecure projects)
Source: Dev.to
Introduction
I’m a solo developer, and over the last year I kept running into the same problem: I’d ship projects thinking “I’ll secure this properly later.”
My cybersecurity knowledge isn’t great—I know enough to be dangerous, but not enough to feel confident. I’d regularly forget things like:
- missing or misconfigured security headers
- weak TLS/SSL setups
- basic server or app misconfigurations that should be caught early
Most of these issues aren’t advanced attacks; they’re just things you miss when you’re focused on shipping features.
Instead of pretending I’d magically get better at security overnight, I decided to build a tool that helps catch these problems for me.
Why I built SecureNow
The goal is not to replace professional pentesting. It’s meant to be:
- a fast baseline security check
- something you can run before or after deploying
- useful for developers and small teams who don’t have a security expert on hand
Basically: “Did I forget something obvious?”
What it checks
- Security header checks (CSP, HSTS, etc.)
- TLS/SSL configuration analysis
- Open port scanning (many sites still expose things they shouldn’t)
- Rate‑limit detection
- API route checking
- Clear explanations + suggestions on how to fix issues
Nothing intrusive, no exploit‑style scanning—just automated checks that surface common problems.
Who this is for (and who it isn’t)
Designed for
- solo developers
- indie hackers
- small teams
- people shipping fast and trying not to break or expose things
What it isn’t
- a full pentesting replacement
- an enterprise security suite
- something that magically makes your app “secure forever”
Launch & feedback
I launched SecureNow today, and I’m genuinely looking for feedback—not hype.
If you want to take a look:
I’m happy to answer questions, explain how things work, or hear why this might be a terrible idea!