← Back to main site

Blog

Security engineering and cloud security insights for SaaS and fintech teams.

March 4, 2026
AWS Security Audit Checklist: What Auditors Check and How to Prepare
Practical AWS security audit checklist for SaaS and fintech: IAM, S3, networking, logging, and compliance. Prepare for SOC 2 or external audits without slowing engineering.
9 minAWSCloud SecurityComplianceSecurity Audit
March 4, 2026
Common SaaS Security Risks: What Engineering and Security Teams Should Address First
Practical overview of common SaaS security risks: authentication, multi-tenancy, APIs, secrets, and supply chain. For CTOs and engineering leads building or scaling SaaS.
8 minSaaSApplication SecurityCloud SecurityRisk Management
March 4, 2026
How SaaS Startups Fail AWS Security Audits (and How to Pass Without Slowing Down)
Common AWS security audit failures for SaaS: IAM sprawl, S3 exposure, missing CloudTrail, weak networking. Practical fix plan for CTOs and platform teams.
8 minAWSCloud SecurityComplianceDevSecOps
March 4, 2026
How Startups Prepare for SOC 2 Security Reviews: A Practical Guide for Engineering Leads
Practical guide to SOC 2 preparation for startups: scope, controls, evidence, and timelines. For CTOs and engineering leads preparing for a first or renewal audit.
9 minSOC 2ComplianceStartupsSecurity Program
March 4, 2026
API Security Testing Guide: OWASP API Top 10 for SaaS and Fintech
Practical API security testing guide: OWASP API Security Top 10, what to test, how to fix BOLA, auth, and injection. For engineering leads and security teams.
10 minAPI SecurityOWASPPentestingSaaS
March 4, 2026
Kubernetes Security Best Practices: Top 10 Mistakes and How to Fix Them
Kubernetes security best practices for production: RBAC, NetworkPolicies, secrets, workload hardening. Practical checklist for platform and engineering teams.
9 minKubernetesCloud SecurityDevSecOps
March 4, 2026
Top Web Application Vulnerabilities in SaaS Platforms: What to Test and Fix First
Most common web application vulnerabilities in SaaS: broken access control, injection, auth flaws, misconfiguration. Practical guidance for engineering and security teams.
9 minWeb SecurityOWASPSaaSPenetration Testing

Support my work

If my articles, case studies, or security resources helped you, you can support my work. Your support helps me maintain free content and keep publishing practical security guides.

Revolut

Quick support in seconds.

Buy me a spritz

Bank transfer (EUR)

If you prefer a traditional bank transfer, request IBAN and bank details via the contact form

Request bank details

Support is optional. For consulting or security work, please use the Services or Contact pages.