“Common startup challenges” is a sort of oxymoron. By definition, startups are not just reinventing the wheel — they’re creating a new method altogether. The following NYC tech teams explained to Built In NYC what makes the challenges they face unique, and how they’ve solved some of the most complex issues facing their industries, ranging from cybersecurity to the frontier of weed tech.
Identifying ad fraud takes a special set of skills, and detecting that activity on mobile is even more nuanced. White Ops Threat Researcher Marcelle Lee described the challenges her team faces every day.
What technical challenges is your engineering team currently addressing and what tools are you using?
The threat intel team is currently tackling the challenge of identifying and documenting ad fraud activity in mobile applications. Coming from a more traditional cybersecurity-focused mindset, we have found that tools and solutions we typically use do not directly correspond to identifying ad fraud. We have been actively working to create a template for analysis that covers a wide variety of topics from sandbox environments to mobile app-specific research. We have also created our own test environments featuring a variety of tools such as apktool, androguard and MiTM proxy, and have fine-tuned the production of photo and video documentation to demonstrate our findings. Many of our research techniques do cross over fairly handily, so we continue to use our existing methodologies to conduct research on domains, IP addresses, organizations and actors and files.
What impact will solving these challenges have on your company moving forward?
Our work in threat intel will help other teams within White Ops learn how to better block malicious and/or non-human traffic associated with mobile applications. The proactive research we are doing to identify new sources of ad fraud will potentially result in the identification of large fraud campaigns, such as 3ve, which have huge potential impact on business integrity. The better we are able to understand the tactics, tools and procedures (TTPs) used by the fraudsters, the better we can defend against them.
BentoBox allows restaurants to establish a web presence and further connect with their guests. Designing a content management platform for those in the hospitality space brings with it unique hurdles. CTO Pierre Drescher, who has been with the company for four years, explained what those problems look like.
What technical challenges is your engineering team currently addressing and what tools are you using?
We have to provide an experience that is as seamless as doing local development with your favorite tools, all while working within the inherent limitations of a SaaS platform. Currently, we chose to use the Jinja2 templating language for its flexibility and ability to evaluate untrusted code (sandbox mode). We built a small runtime that can be installed locally and makes API requests to fetch template variables in order to do local rendering.
In the future, we hope to transition to a truly headless CMS model, where developers can pick and choose exactly how they are deploying their sites, with a few available and recommended options from us. While we’d still like to maintain the ability to server side render sites, the ideal situation would be a dev runtime that people can install locally, but that on our end also powers the server side rendering. It will let us decouple this from our current infrastructure, and provide a developer experience that is flexible, fast and predictable.
What impact will solving these challenges have on your company moving forward?
We want BentoBox to be the top choice for any designer and developer tasked with building a restaurant website. But we can’t rely on just having best-in-class features for restaurants — we have to solve these challenges because the developer experience must also be something that attracts people to the platform. This, in turn, will let us provide our customers with a much broader array of choices, and unleash the creative talents of the larger designer and developer community.
Many startups claim to be scaling quickly, but LeafLink’s entire industry is fast-growing in and of itself. LeafLink’s wholesale ordering platform connects licensed cannabis brands and retailers across the country. As a startup within a new industry, LeafLink faces brand new challenges. Senior DevOps Engineer Michael Anzuoni explained more.
What technical challenges is your engineering team currently addressing and what tools are you using?
As LeafLink grows, we have to make sure that our backend — as well as our developers — can scale. For me, the point of devops is to make every engineer 10 times as efficient and impactful. We are all working to enhance the developer experience so that new ideas and products can be quickly iterated and safely pushed to staging and production environments. To achieve this, we are containerizing our Django app using Docker for deploys, Terraform to create the infrastructure resources, and Jenkins as the CI/CD command center. These updates have made large coordinated developer efforts, like our recent Python 2 to 3 migration, far less painful — and some might even say fun.
What impact will solving these challenges have on your company moving forward?
Developers will have the peace of mind to not worry about infrastructure or configuration, and instead focus on features and the end user. More confidence in the app and deployment process leads to fewer risks and larger rewards as LeafLink expands to more states and onboards more users. The flexible approach of having our app run in a Docker container with configuration stored as environment variables means new developers can quickly get up to speed, set up test environments, and push code to production on their first day.
With cybersecurity threats seemingly everywhere, the industry is feeling more pressure than ever to stay ahead of a breach. Trail of Bits builds technology that helps protect companies against these threats, and the team’s goal is as complicated as it sounds. Senior Security Engineer JP Smith explains.
What technical challenges is your engineering team currently addressing and what tools are you using?
My team and I are working on ways to let developers do more with cryptography. Cryptography has a reputation of being subtle and extremely difficult, but when it’s used judiciously, it provides huge wins for user privacy and security. We research everything from abstract mathematics papers to handwritten assembly so that we can evaluate the risks of cryptographic systems and help developers build them more safely. Right now, we're looking at finding bigint bugs with symbolic execution, exploiting malleability in cryptosystems built on elliptic curves with a cofactor, and preventing 0RTT-induced replay attacks as TLS 1.3 rolls out to developers everywhere.
What impact will solving these challenges have on your company moving forward?
Right now, the cryptography team is already doing great work in source auditing. As we staff up the team through 2019, we're going to start working directly on cryptography engineering for our clients and on federally-funded research for organizations like the Defense Advanced Research Projects Agency (DARPA). What I'm most excited for, though, is the interdisciplinary aspect. Trail of Bits is already known for world-class expertise in program analysis, binary translation and blockchain technology. Working closely with those teams on problems like compile-time cryptographic safety checks and distributed consensus algorithms will produce some incredible new technology. I can't wait to share it with the world.