▲ 1 r/Information_Security+1 crossposts

I built a free tool that checks small business websites for security gaps — sharing what I'm actually finding

I built a free tool that checks small business websites for security gaps — here's what I'm finding

Over the past few months, I've been building a cybersecurity consulting practice focused on helping small businesses. As part of that work, I created a scanner that evaluates a business's public-facing security posture in under a minute.

It doesn't require any login credentials and doesn't touch private systems. It simply looks at information that's already publicly visible from the internet.

After running it against dozens of local businesses—including dental offices, restaurants, daycares, and retail stores—I've noticed a few recurring issues:

🔹 Missing email protection records (SPF, DKIM, and DMARC)

Many businesses still don't have proper email authentication configured. Without it, attackers have a much easier time sending emails that appear to come from the business's domain.

🔹 Website security certificate issues

Some sites have expired, incomplete, or misconfigured SSL/TLS certificates. In certain cases, visitors receive browser warnings before the site even loads, which can affect both trust and customer experience.

🔹 Outdated website technologies

A surprising number of websites are running older software versions that may no longer receive security updates, increasing the risk of known vulnerabilities being exploited.

🔹 Publicly exposed information

Sometimes businesses unintentionally expose information about their technology stack, software versions, or infrastructure that could help attackers identify potential weaknesses.

What stands out most is that many of these issues are relatively straightforward to fix. The challenge isn't usually the technical solution—it's simply knowing the problem exists in the first place.

I'm curious: if you own or manage a small business, have you ever had someone review your website and email security setup?

If yes, what prompted you to do it?

If not, what's the biggest reason—time, cost, uncertainty about where to start, or something else?

reddit.com
u/kavach_Cyber — 10 days ago

I built a tool that scans small business websites for security gaps — here's what I'm seeing

I'm an international student from India who came to the U.S. to pursue a Master's in Cybersecurity & Networks. I finished my degree earlier this year.

On F-1 OPT, self-employment is allowed if it's related to your field of study. Instead of only job hunting, I decided to build something of my own: a cybersecurity consulting company focused on helping small businesses improve their security.

I registered an LLC, built a website, joined my local Chamber of Commerce, and developed a Python-based security scanning tool that evaluates a company's external security posture in seconds—SSL configuration, email spoofing protections, breach exposure, and more.

Then came the hard part: finding customers.

What nobody tells you is that having technical skills and a working product is only part of the journey. The bigger challenge is talking to people, hearing "no," and showing up again anyway.

I've cold-called businesses and been hung up on multiple times in a single morning. I've given away free security audits, only to realize that solving the problem for free often removes the urgency to buy. I've had promising leads disappear after saying, "Let me think about it."

But there have been wins too.

I walked into a local dental office, discovered the owner attended the same university, and ended up having a genuine conversation. I demonstrated my tool to a Chamber of Commerce CEO and a local IT firm partner, and both were impressed by what I'd built. One of those conversations has already turned into discussions about supporting cybersecurity work for their existing clients.

Almost nothing has happened the way I planned, and nearly everything has taken longer than I expected.

What has made the biggest difference isn't the technology—it's having enough real conversations that eventually one of them turns into an opportunity.

Four months ago, this was just an idea on paper. Today it's a real business, still a work in progress, but moving forward one conversation at a time.

If you're building something of your own—especially as an international student, solo founder, or someone navigating uncertainty—I'd love to hear your experience.

Happy to answer questions about cybersecurity consulting, entrepreneurship, or self-employment while on F-1 OPT.

reddit.com
u/kavach_Cyber — 11 days ago