Based on our record, Signed Pages should be more popular than Secureframe. It has been mentiond 12 times since March 2021. We are tracking product recommendations and mentions on various public social media platforms and blogs. They can help you identify which product is more popular and what people think of it.
My org is in a position where we'll need to get SOC II or ISO 27001 certified in the next year. I've been doing some research on the easiest way to go about this, and discovered secureframe (https://secureframe.com/). It looks like it is a platform that helps you automate/track some of the compliance tasks, but doesn't actually do the audit (they have partners that work through the platform). I'm wondering if... Source: over 1 year ago
Hi, founder of Secureframe (https://secureframe.com) here. Secureframe helps streamline compliance across SOC 2, ISO 27001, HIPAA, PCI DSS, and more. There are so many accurate responses in this thread. Like many have mentioned, SOC 2 is indeed not a prescriptive framework. Much of the confusion behind SOC 2 stems from that fact. It allows you to customize your InfoSec program to your company's needs. As we know,... - Source: Hacker News / over 2 years ago
There is "Signed Pages" by the debeloper of EteSync. It is a browser extension, that checks webapps based on signatures in the html file. The addon then warns the user if the signature is not correct or - if I remember correctly - the source changed. This allows you to be sure what webapp code was delivered. But it seems like it did not really get used outside of his own projects. - Source: Hacker News / 4 months ago
EteSync has implemented something called Signed Pages, this might be worth looking closer at. This uses PGP keys which is preloaded into the browser; but I suspect that will be a barrier too high for most non-tech users. Source: about 1 year ago
There are also projects like signed web pages which can also help increasing the trust level to some degree. But that requires that you can download the source code and regenerate the verification hash locally - or have other trusted methods to verify the hash value hasn't been modified as well. The current concept is reasonably sane, but it requires too much from users currently to make it widely used. Source: almost 2 years ago
> The server can at any time start serving malicious payloads True, and I call this threat model "Beware Each and Every Fetch" (BEEF) in contrast to the more common TOFU model (although if you trust a desktop app to auto-update itself then these two models might not be all that different). In any case, I think you're being a little quick to dismiss the idea of server-hosted applications. It's true that browsers... - Source: Hacker News / about 2 years ago
Something like a browser extension for this does already exist, fortunately: https://github.com/tasn/webext-signed-pages. - Source: Hacker News / over 2 years ago
Vanta - Automate compliance, simplify security.
Marshal - Quickly scan your cloud for exposed sensitive information.
Drata - Put SOC 2 Compliance on Autopilot
The Security Checklist - The Practical Security Checklist for Web Developers
Deel - Payroll and compliance for international teams
Google Capture the Flag 2017 - Google's 2nd annual worldwide security competition