Sqreen now available on Heroku


Sqreen is now on the Heroku Marketplace! You can now protect your Heroku applications in just a few commands.

How to get started with Sqreen on Heroku?

  1. Log in to your account

  2. Head over to the Sqreen Add-on page and click on “Install Sqreen”

  3. Select the app to install Sqreen on the interface

  4. Select your plan (Sqreen is currently Free in Beta)

  5. Follow the instructions on the documentation page to install the Sqreen agent in your app

  6. Click on the Sqreen Add-on to check your Dashboard and see the threats that Sqreen identified and blocked

Content Security Policy made easy


Sqreen now supports automated Content Security Policy.

You can now add a Content Security Policy (CSP) in your web application in just one click.

  • New directives are suggested and you are able to update the policy directly from the user interface.
  • You are notified whenever peaks of violations are triggered by assets which are not part of your policy. You can then add new assets from the user interface.

Sqreen now supports teams!


Teams can now work together to protect apps! 🎉 You can invite team mates directly from your dashboard and work together on your application security.

Sqreen API section


You can now get your API key directly from your Sqreen dashboard. Documentation is available here. Feel free to ping us if you need anything!

New Developer plan (Free)


We just introduced our free developer plan which allows free use of our APIs. You just need to create a new "API Sandbox" app, and you'll be all set!

Protection mode behavior


You can now choose the behavior of your choice when your app is under attack (protection mode).

Choices are:

  • HTTP Error 401 (unauthorized)
  • HTTP Error 403 (forbidden)
  • HTTP Error 404 (not found)
  • A custom URL (redirect)

Detect users attacking even earlier


Sqreen now supports OWASP ModSecurity Core Rule Set (CRS). Sqreen will not block attacks based on patterns, which would result in false-positives, and would block legitimate traffic. This information is used to detect user accounts performing attacks, even when the requests sent are harmless for the application.

Detecting errors generated by users


Sqreen now correlates errors generated within Applications with user accounts.

You can know whenever a user is starting to stress your web application and triggers security errors, so you can react before a breach happens.

Security headers support


Modern web browsers offer a lot of security features aimed at protecting your users from a wide variety of threats.

Here is a list of the most important security HTTP headers.

Sqreen now allows to simply enable them to protect your app from a wide variety of attacks in just a few clicks.

Detecting compromised user accounts


When attackers manage to steal user accounts through account takeover attacks, Sqreen automatically provides the list of compromised accounts, as well as mitigation details.

No published changelogs yet.

Surely Sqreen will start publishing changelogs very soon.

Check out our other public changelogs: Buffer, Mention, Respond by Buffer, JSFiddle, Olark, Droplr, Piwik Pro, Prott, Ustream, ViralSweep, StartupThreads, Userlike, Unixstickers, Survicate, Envoy, Gmelius, CodeTree