May 08

Seeker Nails Hacker Pr0n

Do SQL injections turn you on? How about double SQL injections? If the answer is ‘yes’, then

1) Good luck with your dating life.

2) Boy, are you in luck!

A new breed of security product called Seeker produces some vivid hacker pr0n in the form of a video (see above) of how it broke into and exploited every nook and cranny of your insecure code. Yes, I’m going to say it: Seeker might be the Seymore Butts of security products!

Kidding aside, Seeker seems to be packing pretty fearsome application security technology. The company behind it is an Israeli white hat hacking shop called Hacktics. These guys do work for startups, banks, telcos, governments, and homeland security agencies. Their team members hold very high security clearances due to their prior and current service in the IDF (Israel Defense Forces). It’s safe to say these guys know a thing or two about application security.

Seeker was designed for people in the development organization who do not necessarily have security knowledge, or even deep technical knowledge: developers, QA staff, team leaders. It’s for this reason that Seeker points to real business threats rather than just technical issues.

This is where two particular product features stand out. Seeker produces screenshots (see below) that let testers see each vulnerability in the context of the actual application functionality it relates to, rather than getting only technical information keyed on URLs. The report also includes screenshots showing how the application responded to each attack.

The second stand-out feature is ‘Exploit Videos’. Seeker automatically creates a step-by-step exploit video for each vulnerability it identifies and exploits, making it easier for the developer to reproduce the problem manually before and after fixing the code. Video is also quite an effective way for non-security users to understand the actual threats and potential exploits. Just imagine being able to show management or external developers such a video. Pretty effective stuff.

Seeker’s methodology is runtime analysis of the code as it executes, rather than static inspection of the source or black-box probing of URLs. It hooks into the process running the application and follows the executed code step by step, so it can see whether an attack payload actually reached a sensitive operation (a database query, a file path, the HTML response) and what the code did with it on the way. The attacks themselves are generated dynamically from a ‘Smart Attack Tree’: a long list of rules for mutating attacks based both on how the application reacts to them and on the actual application code.
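To make the runtime-analysis idea concrete, here is an added example that is not Seeker’s code and does not claim to reproduce its engine. It hooks the database sink of a constructed toy application, fires a benign request to learn the normal shape of the SQL statement, then walks a two-entry attack tree: when the first payload never reaches the sink (a naive blacklist ate it), the tree mutates the payload and tries again. A vulnerability is reported only when a payload changes the syntactic structure of the statement that actually hits the database, which is why the hardened variant produces no finding no matter what is sent. The application functions, the `SinkMonitor` hook, `sql_shape`, and the attack tree entries are all assumptions made for the illustration.

```python
import re
import sqlite3

# --- Constructed sample application under test (hypothetical; not Seeker's) ---

def naive_filter(value):
    """Weak blacklist the toy app applies before building SQL:
    it only rejects 'OR' when surrounded by whitespace."""
    return re.search(r"\s+or\s+", value, re.I) is None

def lookup_vulnerable(conn, name):
    """Deliberately vulnerable: user input is concatenated into the statement."""
    if not naive_filter(name):
        return []  # request rejected before any SQL is built
    return conn.execute(f"SELECT id FROM users WHERE name = '{name}'").fetchall()

def lookup_hardened(conn, name):
    """Hardened variant: a bound parameter; input can never alter query structure."""
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

# --- Runtime hook on the database sink (assumed stand-in for process hooking) ---

class SinkMonitor:
    """Records every statement the application actually sends (text plus bound
    parameters), then forwards it to the real connection."""
    def __init__(self, conn):
        self._conn = conn
        self.calls = []

    def execute(self, sql, params=()):
        self.calls.append((sql, tuple(params)))
        return self._conn.execute(sql, params)

def sql_shape(sql):
    """Reduce a statement to its syntactic skeleton: string and numeric literals
    become '?', comments are dropped, whitespace and case are normalised.
    Input that changes the shape has changed the query's structure: injection."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)   # quoted string literals ('' escapes a quote)
    s = re.sub(r"/\*.*?\*/", " ", s)           # /* ... */ comments
    s = re.sub(r"--[^\n]*", " ", s)            # -- comments
    s = re.sub(r"\b\d+\b", "?", s)             # bare numeric literals
    return " ".join(s.split()).lower()

# Tiny attack tree (constructed): each entry is a payload and the mutation it
# applies to the previous one. A real tree branches on the observed response;
# this one is linear for readability.
ATTACK_TREE = [
    ("' OR '1'='1", "classic tautology"),
    ("'/**/OR/**/'1'='1", "mutation: inline comments replace the whitespace the filter keys on"),
]

def probe(lookup, attack_tree=ATTACK_TREE):
    """Drive one lookup function with a benign value, then with each payload in
    turn. For every payload report whether it reached the SQL sink at all and
    whether it changed the statement's structure relative to the benign baseline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    mon = SinkMonitor(conn)

    lookup(mon, "alice")                          # constructed benign request
    baseline = sql_shape(mon.calls[-1][0])

    findings = []
    for payload, note in attack_tree:
        seen_before = len(mon.calls)
        rows = lookup(mon, payload)
        if len(mon.calls) == seen_before:         # filtered: nothing reached the sink
            findings.append({"payload": payload, "note": note,
                             "reached_sink": False, "injected": False, "rows": 0})
            continue                              # so mutate and try the next entry
        sql, _params = mon.calls[-1]
        injected = sql_shape(sql) != baseline
        findings.append({"payload": payload, "note": note,
                         "reached_sink": True, "injected": injected,
                         "rows": len(rows), "sql": sql})
        if injected:
            break                                 # exploit confirmed; stop mutating
    return findings

if __name__ == "__main__":
    for fn in (lookup_vulnerable, lookup_hardened):
        print(fn.__name__)
        for finding in probe(fn):
            print("  ", finding)
```

Running `probe(lookup_vulnerable)` shows the first payload never reaching the sink, then the comment-mutated payload arriving as `name = ''/**/OR/**/'1'='1'` and returning both rows; `probe(lookup_hardened)` shows every payload reaching the sink as a bound parameter with the statement shape unchanged, which is the observation a runtime analyser needs in order to avoid reporting a false positive just because a suspicious string was sent.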

The product covers an orgy of vulnerability classes, including: SQL injection, XML/XPath injection, directory traversal, cross-site scripting, parameter tampering, forceful browsing, malicious content upload, username/password enumeration, insecure redirects, source code disclosure, insecure storage of sensitive data (such as credit card numbers, CVVs, SSNs), cookie poisoning and plenty more.

Currently supported are Java and .NET code analysis, with any database as long as no stored procedures are used. For stored procedures, Seeker supports Microsoft SQL Server and Oracle. PHP support, as well as support for MySQL stored procedures, will be rolled out in a few months.

Seeker is currently headquartered in Israel, with $3M in funding under its belt.


This post was originally published on TechCrunch.com, where I cover the Israeli startup scene.

May 08

Soho OS: Soup-to-Nuts Utility Platform for Small & Micro Businesses

If you are a regular TechCrunch reader, describing a product as a SaaS hybrid of Quicken + Zoho + SalesForce would paint a fairly clear picture of it in your mind. And this is pretty much what Soho OS is. Thing is, the odds that its target user base, small and micro-businesses, are regular TechCrunch readers are slim.

But let’s push the ‘how to succinctly describe the offering’ issue aside, because Soho OS really does offer a well-rounded package of small business management services, from CRM, to invoicing, to VoIP. And it comes at an unbeatable price: it’s 100% free, with a commitment to remain so forever.

The founders of Soho OS built it specifically for micro-businesses with fewer than 10 employees: freelancers, design houses, boutique PR agencies and the like. The idea was to provide a number of key business utilities for free, with a few premium ones as the basis for a business model.

Sure, the interface could certainly use a UX overhaul with some American product design sensibility, but this is what Beta releases are for, and a chunk of the company’s next fundraising round has been earmarked for such an overhaul.

Once logged-in, users are presented with three main areas: Business, Networking, and Services.

The Business area is populated with the following ‘golden-oldie’ business utilities:

  • Accounts – Account management with shared calendar & email features.
  • Sales – Purchase and sales orders, leads and quotes management.
  • Marketing – Campaign management and tracking.
  • Finance – Bookkeeping and client billing.
  • Inventory – Products management, price lists, vendors and purchase orders, automatic inventory renewal, sales and purchase order alerts.

The Networking area is aimed at helping small businesses add or better manage their social online activity. Twitter and Facebook feeds can be added and easily converted into actions such as tasks, leads, contacts and events. Other features include:

  • Chat – With internal and external users.
  • Inbox – Including mass email capabilities.
  • Contacts – With multiple tasks such as sending SMS, faxes and voice messages.

The Services area offers premium services on a pay-as-you-go basis. These include:

  • Text & Voice Messaging – To single contacts or groups.
  • Fax – Both sending and receiving.
  • VoIP – Both domestic and international calls.
  • Conference Calls – Perform conference calls.
  • Credit Card Processing – Process and track credit card transactions.

Based on a few hundred users, early traction is encouraging. Here is some data the Soho OS team shared with me on a recent campaign it ran on Facebook:

  • 55% use Soho OS 9 times a month or more; 36% use it more than 26 times per month.
  • Average use time is 31min per visit.
  • 20% out of the 400 approved beta users (out of 1200 requests) consume premium services.
  • The leading premium service is VoIP followed by SMS and Fax.

This post was originally published on TechCrunch.com, where I cover the Israeli startup scene.