Write-ups
Technical write-ups: methodology, findings, and remediation. Linked to blog posts and case studies so you can follow the thread from high-level guidance to concrete engagements.
Technical write-ups
Below: write-ups published as blog posts. Use the tags to filter by topic (API, cloud, Kubernetes, compliance).
API Security Testing Guide: OWASP API Top 10 for SaaS and Fintech
Practical API security testing guide: OWASP API Security Top 10, what to test, and how to fix BOLA (broken object level authorization), authentication flaws, and injection. For engineering leads and security teams.
AWS Security Audit Checklist: What Auditors Check and How to Prepare
Practical AWS security audit checklist for SaaS and fintech: IAM, S3, networking, logging, and compliance. Prepare for SOC 2 or external audits without slowing engineering.
How SaaS Startups Fail AWS Security Audits (and How to Pass Without Slowing Down)
Common AWS security audit failures for SaaS: IAM sprawl, S3 exposure, missing CloudTrail, weak networking. Practical fix plan for CTOs and platform teams.
Kubernetes Security Best Practices: Top 10 Mistakes and How to Fix Them
Kubernetes security best practices for production: RBAC, NetworkPolicies, secrets, workload hardening. Practical checklist for platform and engineering teams.
Top Web Application Vulnerabilities in SaaS Platforms: What to Test and Fix First
Most common web application vulnerabilities in SaaS: broken access control, injection, auth flaws, misconfiguration. Practical guidance for engineering and security teams.
How Startups Prepare for SOC 2 Security Reviews: A Practical Guide for Engineering Leads
Practical guide to SOC 2 preparation for startups: scope, controls, evidence, and timelines. For CTOs and engineering leads preparing for a first or renewal audit.