Technical Audit Portfolios
Deep-dive reports detailing critical logic bugs discovered during our VAPT audits and the secure validation patches implemented in client builds.
Prevented BOLA Data Exposure in FinTech API
A Neo-Banking Startup was launching their API platform, but security scanning failed to check complex multi-step authorization logic.
Identified an access-boundary vulnerability: row-level queries on transfer endpoints did not verify that the requested record belonged to the caller's tenant.
Potential leakage of financial records belonging to over 120,000 users, exposing the client to RBI compliance violations and brand damage.
Applied Solution Patch
Implemented resource-level authorization validation filters, cryptographically signed entity IDs, and rate limiting.
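The following is an added illustration of the first two controls named above, not code from the client engagement: a transfer lookup that keys on the record id alone (the BOLA pattern), beside a lookup whose ownership predicate is part of the query itself, plus HMAC-tagged entity ids that reject tampering and a small per-caller rate limiter that slows id enumeration. The in-memory table, account names and signing key are constructed sample data; the key would come from a secrets manager in a real service.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Constructed sample "transfers" table: transfer_id -> record. Sequential ids
# are exactly what makes an unchecked lookup enumerable.
TRANSFERS: Dict[int, dict] = {
    1001: {"account_id": "acct-A", "amount": 250.00, "memo": "rent"},
    1002: {"account_id": "acct-B", "amount": 9000.00, "memo": "salary"},
    1003: {"account_id": "acct-A", "amount": 12.50, "memo": "coffee"},
}

# Constructed demo key (assumption: a real deployment loads this from a secrets manager).
SIGNING_KEY = b"constructed-demo-key-not-for-production"


class Forbidden(Exception):
    """Caller is not the owner of the requested resource (or it does not exist)."""


def get_transfer_vulnerable(transfer_id: int) -> Optional[dict]:
    # BOLA: the row is selected by id only; the caller's identity never enters the query.
    return TRANSFERS.get(transfer_id)


def get_transfer(caller_account: str, transfer_id: int) -> dict:
    """Hardened lookup: ownership is part of the predicate, not a later handler check."""
    row = TRANSFERS.get(transfer_id)
    if row is None or row["account_id"] != caller_account:
        # One response for "not found" and "not yours", so ids cannot be probed for existence.
        raise Forbidden(f"transfer {transfer_id} not accessible")
    return row


def sign_id(raw_id: int) -> str:
    """Return 'id.tag': the raw id plus a truncated HMAC-SHA256 tag for use in API responses."""
    tag = hmac.new(SIGNING_KEY, str(raw_id).encode(), hashlib.sha256).hexdigest()[:32]
    return f"{raw_id}.{tag}"


def verify_id(token: str) -> int:
    """Recover the raw id from a signed token, rejecting malformed or tampered values."""
    raw, sep, tag = token.partition(".")
    if not sep or not raw.isdigit():
        raise ValueError("malformed id")
    expected = hmac.new(SIGNING_KEY, raw.encode(), hashlib.sha256).hexdigest()[:32]
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("id signature mismatch")
    return int(raw)


class RateLimiter:
    """Fixed-window counter per caller; `now` is injected so behaviour is testable offline."""

    def __init__(self, limit: int, window_s: int):
        self.limit, self.window_s = limit, window_s
        self._hits: Dict[Tuple[str, int], int] = {}

    def allow(self, caller: str, now: float) -> bool:
        key = (caller, int(now // self.window_s))
        self._hits[key] = self._hits.get(key, 0) + 1
        return self._hits[key] <= self.limit


def handle_get_transfer(caller_account: str, id_token: str, limiter: RateLimiter, now: float) -> dict:
    """Request path: rate limit, verify the opaque id, then enforce ownership."""
    if not limiter.allow(caller_account, now):
        raise Forbidden("rate limit exceeded")
    return get_transfer(caller_account, verify_id(id_token))


if __name__ == "__main__":
    limiter = RateLimiter(limit=3, window_s=60)
    token = sign_id(1001)
    print(handle_get_transfer("acct-A", token, limiter, now=100.0))  # owner: record returned
    try:
        handle_get_transfer("acct-B", token, limiter, now=100.0)    # not owner: Forbidden
    except Forbidden as e:
        print("denied:", e)
```

The signed id does not replace the ownership check; it only stops a client from minting ids the server never issued. The ownership predicate inside `get_transfer` is what closes the BOLA.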
Secured HealthTech Patient Portals for Enterprise Integration
A fast-growing HealthTech platform failed an enterprise hospital's onboarding assessment due to insufficient HIPAA controls and exposed patient file URLs.
Diagnosed storage buckets exposed without pre-signed authorization tokens, allowing direct object requests for sensitive records.
Sensitive patient records were exposed, threatening massive HIPAA penalties and blocking a $450k annual-recurring-revenue enterprise deal.
Applied Solution Patch
Migrated files to private buckets with short-lived AWS CloudFront signed cookies and integrated OAuth2 controls.
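As an added illustration of the short-lived, resource-bound grant this fix relies on, the block below mints and checks an HMAC-signed access token for an object in a private store. It is not the client's code and it is not CloudFront's format (CloudFront signed cookies carry an RSA-signed policy); it is a generic stand-in that shows the properties that matter: the grant is bound to one path and one subject, it expires, and the signature is checked before the policy is parsed. The store contents, patient id and key are constructed sample values.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key (assumption: a real edge/CDN uses a managed key pair or KMS secret).
SIGNING_KEY = b"constructed-demo-key-not-for-production"

# Constructed private object store: path -> bytes. Nothing here is reachable without a grant.
PRIVATE_STORE = {"/records/p-778/labs-2024.pdf": b"%PDF-constructed-sample-content"}


class AccessDenied(Exception):
    """Grant missing, malformed, forged, expired, or for a different object."""


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_grant(resource_path: str, subject: str, ttl_s: int, now: Optional[float] = None) -> str:
    """Mint 'b64(policy).b64(mac)'. The policy pins the object path, the subject and an expiry."""
    now = time.time() if now is None else now
    policy = {"res": resource_path, "sub": subject, "exp": int(now) + ttl_s}
    body = json.dumps(policy, separators=(",", ":"), sort_keys=True).encode()
    mac = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    return f"{_b64(body)}.{_b64(mac)}"


def check_grant(token: str, requested_path: str, now: Optional[float] = None) -> dict:
    """Validate signature first, then expiry and path binding. Returns the policy on success."""
    now = time.time() if now is None else now
    try:
        body_b64, mac_b64 = token.split(".")
        body, mac = _unb64(body_b64), _unb64(mac_b64)
    except (ValueError, binascii.Error):
        raise AccessDenied("malformed token")
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise AccessDenied("bad signature")
    policy = json.loads(body)  # only parsed once authenticated
    if now >= policy["exp"]:
        raise AccessDenied("grant expired")
    if policy["res"] != requested_path:
        raise AccessDenied("grant does not cover this object")
    return policy


def serve_private_object(token: str, path: str, now: Optional[float] = None) -> bytes:
    """Edge handler: every read of the private store goes through check_grant."""
    check_grant(token, path, now)
    return PRIVATE_STORE[path]


if __name__ == "__main__":
    path = "/records/p-778/labs-2024.pdf"
    grant = issue_grant(path, subject="p-778", ttl_s=300)
    print(serve_private_object(grant, path)[:4])  # b'%PDF'
```

Short TTLs bound the damage of a leaked link, and binding the grant to a single path means one token cannot be reused to walk the rest of the bucket.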
Audited SaaS Multi-Tenant Architecture on AWS
A B2B SaaS tool ran complex database queries in which the tenant filter could be bypassed through the query structure, creating a risk of cross-tenant leakage.
Identified connection-pool context overlap in the custom ORM configuration, allowing session telemetry to leak across tenancy boundaries.
Uncontrolled access to company telemetry, dashboards, and client files, which would have destroyed customer trust.
Applied Solution Patch
Redefined the connection-pool configuration to apply PostgreSQL row-level security (RLS), separating database contexts.
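The block below is an added simulation of the pool-context overlap described above and of the RLS-based fix; it is not the client's ORM code and does not connect to a database. A pooled connection keeps session-level `SET` values when it returns to the pool, so an ORM "on connect" hook that pins the tenant at session level only fires for the first tenant to use that physical connection. The hardened path sets the tenant with `SET LOCAL` inside the request's transaction and lets a PostgreSQL RLS policy (shown in `RLS_SQL` for reference) do the filtering, so a reused connection starts clean and a missing tenant context yields zero rows rather than every row. Table rows and tenant names are constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Constructed sample rows; tenant_id is the column the RLS policy keys on.
DASHBOARDS = [
    {"id": 1, "tenant_id": "acme", "name": "Acme revenue"},
    {"id": 2, "tenant_id": "globex", "name": "Globex churn"},
    {"id": 3, "tenant_id": "acme", "name": "Acme latency"},
]

# The database side of the fix, for reference only (this block emulates its effect in memory).
# FORCE makes the policy apply even to the table owner the app connects as.
RLS_SQL = """
ALTER TABLE dashboards ENABLE ROW LEVEL SECURITY;
ALTER TABLE dashboards FORCE ROW LEVEL SECURITY;
CREATE POLICY tenant_isolation ON dashboards
    USING (tenant_id = current_setting('app.tenant_id', true));
"""


@dataclass
class Connection:
    """Stand-in for one pooled PostgreSQL session. session_vars survive COMMIT and stay with
    the connection when it goes back to the pool; local_vars (SET LOCAL) are dropped at
    transaction end, matching PostgreSQL semantics."""
    session_vars: Dict[str, str] = field(default_factory=dict)
    local_vars: Dict[str, str] = field(default_factory=dict)
    in_txn: bool = False

    def set_session(self, name: str, value: str) -> None:   # SET name = value
        self.session_vars[name] = value

    def begin(self) -> None:
        self.in_txn = True

    def set_local(self, name: str, value: str) -> None:     # SET LOCAL name = value
        if not self.in_txn:
            # PostgreSQL only warns here and the value is discarded; fail loudly in the model.
            raise RuntimeError("SET LOCAL outside a transaction has no effect")
        self.local_vars[name] = value

    def commit(self) -> None:
        self.local_vars.clear()
        self.in_txn = False

    def current_setting(self, name: str) -> Optional[str]:
        return self.local_vars.get(name, self.session_vars.get(name))

    def select_dashboards(self) -> List[dict]:
        # Emulates the RLS USING clause. An unset setting compares as NULL: zero rows, never all.
        tenant = self.current_setting("app.tenant_id")
        return [r for r in DASHBOARDS if tenant is not None and r["tenant_id"] == tenant]


class Pool:
    """Minimal pool: idle connections are reused as-is, with no DISCARD ALL on release."""

    def __init__(self, on_connect: Optional[Callable[[Connection, str], None]] = None):
        self._idle: List[Connection] = []
        self.on_connect = on_connect

    def acquire(self, tenant: str) -> Connection:
        if self._idle:
            return self._idle.pop()          # reused: on_connect does NOT run again
        conn = Connection()
        if self.on_connect:
            self.on_connect(conn, tenant)    # runs only when a physical connection is created
        return conn

    def release(self, conn: Connection) -> None:
        self._idle.append(conn)


def list_dashboards_vulnerable(pool: Pool, tenant: str) -> List[dict]:
    """Relies on an on-connect hook that pinned the tenant at session level."""
    conn = pool.acquire(tenant)
    try:
        return conn.select_dashboards()
    finally:
        pool.release(conn)


def list_dashboards_hardened(pool: Pool, tenant: str) -> List[dict]:
    """Tenant context is transaction-scoped; it cannot outlive the request on a pooled connection."""
    conn = pool.acquire(tenant)
    try:
        conn.begin()
        conn.set_local("app.tenant_id", tenant)
        rows = conn.select_dashboards()
        conn.commit()
        return rows
    finally:
        pool.release(conn)


def demo():
    """Two requests from different tenants on a pool of one connection, each way."""
    vuln_pool = Pool(on_connect=lambda c, t: c.set_session("app.tenant_id", t))
    acme_v = list_dashboards_vulnerable(vuln_pool, "acme")
    globex_v = list_dashboards_vulnerable(vuln_pool, "globex")  # gets acme's rows: the overlap
    safe_pool = Pool()
    acme_h = list_dashboards_hardened(safe_pool, "acme")
    globex_h = list_dashboards_hardened(safe_pool, "globex")
    return acme_v, globex_v, acme_h, globex_h


if __name__ == "__main__":
    for label, rows in zip(("vuln/acme", "vuln/globex", "rls/acme", "rls/globex"), demo()):
        print(label, [r["name"] for r in rows])
```

The pool is the point of the example: the vulnerable path behaves correctly with one connection per request and only leaks once connections are reused, which is why the issue surfaced in the ORM's pool configuration rather than in any individual query.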