Security Research

Threat Research Series

Curated multi-post series on threat areas and defensive guidance. Each series groups blog posts and case-study themes for faster scanning and deeper reading.

← Research Index Blog

Series

SaaS & multi-tenant security

Threat briefs and remediation for B2B SaaS: tenant isolation, API access control, IDOR/BOLA, and data exposure risks. Tied to real engagements and OWASP guidance.

3 posts · Updated 2026

AppSec API SaaS

Common SaaS Security Risks: What to Address First
Top Web Application Vulnerabilities in SaaS Platforms
OWASP API Top 10 for SaaS and Fintech

Cloud IAM & privilege escalation

AWS/GCP IAM misuse, permission boundaries, and how to find and fix privilege escalation paths. Aligned with case studies on IAM and S3 exposure.

2 posts · 2026

Cloud AWS Offensive

How SaaS Startups Fail AWS Security Audits
AWS Security Audit Checklist: What Auditors Check

API abuse & OWASP API Top 10

Testing and hardening APIs: BOLA, auth flaws, injection, and rate limiting for SaaS and fintech. Links to API security testing service and case studies.

2 posts · 2026

API Security OWASP

API Security Testing Guide: OWASP API Top 10
Case study: SaaS API Access Control Vulnerability

Research Index All blog posts