Case Studies

Real-world engagements (anonymized). Problem, approach, and outcome.

Application Security

SaaS API Access Control Vulnerability

Problem

A B2B SaaS platform allowed clients to manage their data via REST API. During testing we found that object IDs in API requests were sequential and predictable. By changing the ID parameter, an authenticated user could access other tenants’ records. There was no server-side check that the resource belonged to the requesting organization.

Approach

We performed black-box testing of the API with two test accounts. We enumerated endpoints, analyzed request/response patterns, and systematically tested for IDOR using parameter tampering. We documented the exact requests that led to cross-tenant data exposure and assessed impact (PII and business data).

Outcome

The development team implemented authorization checks at the data layer so every query was scoped to the authenticated tenant. Object IDs were replaced with UUIDs to reduce predictability. We performed a re-test to confirm remediation. The finding was resolved before any security disclosure or breach.
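As an added illustration of the remediation described above (this is example code, not the client's code base), the snippet below contrasts the vulnerable lookup-by-ID pattern with a lookup that is scoped to the authenticated tenant at the data layer, and uses UUIDs instead of sequential IDs. The in-memory store, tenant names and record contents are constructed for the demo.

```python
import uuid
from dataclasses import dataclass


@dataclass
class Record:
    id: str
    tenant_id: str
    payload: str


class PermissionDenied(Exception):
    pass


class RecordStore:
    """Constructed in-memory store; a real deployment would express the same
    scoping as a WHERE tenant_id = ? clause on every query."""

    def __init__(self):
        self._rows: dict[str, Record] = {}

    def create(self, tenant_id: str, payload: str) -> Record:
        # UUIDv4 identifiers replace sequential integers so IDs cannot be enumerated.
        rec = Record(id=str(uuid.uuid4()), tenant_id=tenant_id, payload=payload)
        self._rows[rec.id] = rec
        return rec

    def get_unscoped(self, record_id: str) -> Record:
        # Vulnerable pattern from the case study: lookup by ID only, no ownership check.
        return self._rows[record_id]

    def get_for_tenant(self, tenant_id: str, record_id: str) -> Record:
        # Hardened pattern: the tenant is part of the lookup key, so a record that
        # exists but belongs to another tenant looks the same as a missing record.
        rec = self._rows.get(record_id)
        if rec is None or rec.tenant_id != tenant_id:
            raise PermissionDenied(f"record {record_id} not found for tenant {tenant_id}")
        return rec


def demo() -> dict:
    """Simulate tenant A's session supplying tenant B's record ID (parameter tampering)."""
    store = RecordStore()
    a = store.create("tenant-a", "invoice data A")
    b = store.create("tenant-b", "invoice data B")
    results = {}
    results["unscoped_leaks"] = store.get_unscoped(b.id).tenant_id == "tenant-b"
    try:
        store.get_for_tenant("tenant-a", b.id)
        results["scoped_blocks"] = False
    except PermissionDenied:
        results["scoped_blocks"] = True
    results["own_record_ok"] = store.get_for_tenant("tenant-a", a.id).payload == "invoice data A"
    return results


if __name__ == "__main__":
    print(demo())
```

The key design choice is that the tenant identifier comes from the authenticated session, never from the request parameters, and that a cross-tenant miss returns the same error as a non-existent record so the API does not confirm which IDs exist.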

Cloud Security

Public S3 Bucket Data Exposure

Problem

During an AWS security audit we discovered an S3 bucket used for customer file uploads and database backups. The bucket had a bucket policy that allowed public read access under certain conditions. List operations were restricted, but direct object URLs were guessable. We confirmed access to sensitive files including PII and backup archives.

Approach

We used AWS CLI and custom scripts to enumerate bucket configuration, policies, and ACLs. We aligned findings with CIS AWS Benchmark and AWS security best practices. We documented the exact IAM and bucket policy issues and provided a step-by-step remediation plan including Block Public Access settings and least-privilege IAM.

Outcome

The client enabled S3 Block Public Access at the account level, tightened the bucket policy to remove public access, and migrated existing sensitive objects to a new bucket with encryption (SSE-S3) and strict access controls. We provided a short checklist for future bucket creation to prevent recurrence.
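The check below is an added example (not the audit scripts used in the engagement) of the kind of policy review described above: it flags bucket-policy statements that grant access to an anonymous principal and lists which of the four S3 Block Public Access settings are not enabled. The weak policy, the corrected policy, the bucket name and the account ID are constructed for the demo; the condition key aws:SecureTransport and the four Block Public Access flag names are real.

```python
import json

# Constructed policy modelled on the case study: object reads are open to everyone
# under a prefix, listing is not, so any guessable key under uploads/ is world-readable.
WEAK_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicReadUploads", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/uploads/*"},
    {"Sid": "AppRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111111111111:role/app-role"},
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}
""")

# Corrected policy: no anonymous principal; the application role keeps its access and
# a Deny statement refuses plaintext (non-TLS) requests.
FIXED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111111111111:role/app-role"},
         "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}

BLOCK_PUBLIC_ACCESS_FLAGS = (
    "BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets",
)


def is_anonymous(principal) -> bool:
    """True when a statement's Principal grants to everyone ('*' or AWS: '*')."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def public_statements(policy: dict) -> list:
    """Return (Sid, severity) for every Allow statement with an anonymous principal.
    A Condition may narrow the grant, so those are reported separately for review
    rather than treated as safe."""
    stmts = policy["Statement"]
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    findings = []
    for s in stmts:
        if s.get("Effect") == "Allow" and is_anonymous(s.get("Principal")):
            severity = "conditional" if s.get("Condition") else "public"
            findings.append((s.get("Sid", "<no sid>"), severity))
    return findings


def block_public_access_gaps(config: dict) -> list:
    """Return the Block Public Access flags that are not set to True."""
    return [flag for flag in BLOCK_PUBLIC_ACCESS_FLAGS if not config.get(flag, False)]


if __name__ == "__main__":
    print("weak policy:", public_statements(WEAK_POLICY))
    print("fixed policy:", public_statements(FIXED_POLICY))
    # Constructed account-level configuration with two settings still off.
    print("gaps:", block_public_access_gaps({"BlockPublicAcls": True, "IgnorePublicAcls": True}))
```

In a real audit the two inputs come from the S3 GetBucketPolicy and GetPublicAccessBlock API calls; the functions above are deliberately pure so the same logic can be run over exported JSON without credentials.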

Cloud Security

Privilege Escalation in Cloud IAM

Problem

A fintech client used multiple IAM roles for developers, CI/CD, and production workloads. Our offensive security assessment found that a role used by developers had iam:PassRole and iam:CreatePolicyVersion (or similar) permissions. An attacker with developer credentials could publish a new version of a policy attached to the role that grants administrator access, escalating to full account compromise.

Approach

We performed IAM policy analysis using AWS APIs and Prowler. We built a privilege escalation graph and identified the exact permissions that allowed escalation. We documented the attack path with minimal steps and provided a proof-of-concept that the client could run in a test account.

Outcome

The client reduced permissions on developer and CI/CD roles following least privilege. They introduced permission boundaries and separated roles for human vs. machine identities. We re-validated that the previously identified escalation path was no longer possible.
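As an added example of the policy analysis and the permission-boundary remediation described above (illustrative code, not Prowler's rule set or the client's tooling), the snippet below computes which sensitive IAM write actions a role can effectively use, taking explicit denies, wildcard actions such as iam:* and an attached permission boundary into account. The developer policy and boundary are constructed for the demo; the action names are real IAM actions, and the list of sensitive actions is an assumption limited to the ones discussed here plus iam:SetDefaultPolicyVersion. Resource scoping is ignored (every statement is treated as Resource "*"), which is a simplification.

```python
import fnmatch

# Constructed developer-role identity policy modelled on the case study finding.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "logs:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:PassRole", "iam:CreatePolicyVersion", "iam:GetPolicy"],
         "Resource": "*"},
    ],
}

# Constructed permission boundary introduced as remediation: it caps the role at service
# access, so an identity policy that still grants IAM write actions has no effect.
BOUNDARY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:*", "logs:*"], "Resource": "*"}],
}

# Assumption: an illustrative subset of IAM actions that let a principal change its own
# effective permissions; a full tool would carry a much longer, maintained list.
SENSITIVE_IAM_ACTIONS = (
    "iam:CreatePolicyVersion",
    "iam:SetDefaultPolicyVersion",
    "iam:PassRole",
)


def _statements(policy: dict) -> list:
    stmts = policy["Statement"]
    return [stmts] if isinstance(stmts, dict) else stmts


def _matches(statement: dict, action: str) -> bool:
    """Case-insensitive IAM action match, honouring '*' and 'service:*' wildcards."""
    actions = statement.get("Action", [])
    actions = [actions] if isinstance(actions, str) else actions
    return any(fnmatch.fnmatchcase(action.lower(), pat.lower()) for pat in actions)


def policy_allows(policy: dict, action: str) -> bool:
    """IAM evaluation order in miniature: an explicit Deny wins over any Allow."""
    stmts = _statements(policy)
    if any(s.get("Effect") == "Deny" and _matches(s, action) for s in stmts):
        return False
    return any(s.get("Effect") == "Allow" and _matches(s, action) for s in stmts)


def effective_sensitive_actions(identity_policies: list, boundary: dict = None) -> list:
    """Sensitive actions the role can actually use: allowed by at least one identity
    policy AND, when a permission boundary is attached, also allowed by the boundary."""
    out = []
    for action in SENSITIVE_IAM_ACTIONS:
        allowed = any(policy_allows(p, action) for p in identity_policies)
        if allowed and boundary is not None:
            allowed = policy_allows(boundary, action)
        if allowed:
            out.append(action)
    return sorted(out)


if __name__ == "__main__":
    print("before remediation:", effective_sensitive_actions([DEVELOPER_POLICY]))
    print("with boundary:", effective_sensitive_actions([DEVELOPER_POLICY], BOUNDARY_POLICY))
```

Running the check before and after the boundary is attached gives a repeatable re-validation step: the first call lists iam:CreatePolicyVersion and iam:PassRole, the second returns nothing, matching the re-test outcome described above.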

Want similar security insights for your system?

Get in touch for a no-obligation discussion.

Book consultation

Support my work

If my articles, case studies, or security resources helped you, you can support my work. Your support helps me maintain free content and keep publishing practical security guides.

Revolut

Quick support in seconds.

Bank transfer (EUR)

If you prefer a traditional bank transfer, request IBAN and bank details via the contact form.

Support is optional. For consulting or security work, please use the Services or Contact pages.