Let's finally build a working B2B
It’s been a busy week as I was spending most of my free time and all of my energy building something I have never tried before - a SaaS.
Yes, I know, it’s a bit weird. I’ve built so many websites but all of them were aimed for the end users.
SaaS is attractive for solopreneurs because it can generate money with fewer customers compared to B2C because you can charge companies more than individuals.
Fewer customers mean less work answering questions and closing support tickets, which is crucial for a business run by a single person.
But finding a good niche is hard, and the competition could be fierce.
So earlier this year, I came up with an idea that I thought was worth giving a shot.
Please welcome, CSPHero!
OK, before I tell you what it is, I have to warn you - this is extremely niche zone. If you don’t understand what I’ll be talking about, that’s totally fine, and I’ll try to spare the details.
Web browsers allow web admins to specify instructions for the browser - which resources can be loaded from where. This set of instruction is called Content Security Policy.
This is a low-hanging fruit - a super easy way to significantly improve the website’s security. It prevents a whole class of attacks, like cross site scripting, clickjacking, and many more.
Now web browser can also send reports (to a URL you should provide) every time the CSP is violated. There are several good reasons to track those. But it’s a website owner’s job to build a server to collect those reports.
Now you see where I’m heading with this. Instead of implementing a report collector, it’s much easier to use a 3rd party website, especially when it allows viewing and analyzing the reports in a good UI.
What it’s built with?
So far, I have built a first version of the product (there is a lot of polishing to be done). The main app is built with Rails for API (still the most productive framework for me) and React used on the client side.
The landing page is a Next.js and served by Vercel. This is my favorite stack these days for anything that doesn’t require a database.
Nothing fancy, but that’s by design. This time I really want the tech to be as boring as possible, so I could focus on marketing.
Marketing
The biggest reason I decided to try this SaaS is because I knew from the start exactly how I would market it.
First of all, the CSP is quite a big topic, and the standard evolves quickly. This means a great opportunity for content marketing. I already wrote a first post (setting up CSP for Google Fonts), and I have around 20 more topics in my mind to write about.
Second, there is also a good opportunity for free tools. The first one I’m working on write now, allows anyone to build a CSP using a UI interface. The cool thing about it is that it gives you some tips, warning, and best practices as you go.
Another one, which I’m about to start working on next week, is the checker/validator - where you copy-paste your CSP and validate it (plus get some good advice).
People who use those free tools might also consider using the paid product. Simple as that.
What’s next?
There’s a lot of work ahead, as you imagine. My TODO list currently consists of more than 40 items.
The important part is to come up with a nice logo and improve the UI for both the app and the landing page.
After that, there will be a lot of testing, and finally, I’ll focus on marketing.
I aim to get at least ten clients by the end of this year. If I cannot do this, I will shut it down and move on.
But so far, I have a good feeling about this.
P.S.: Please let me know what kind of information you are interested in. Should we get into more technical details? I desperately need your feedback!