API Breach Prevented in Fintech App
How a ₹10 Lakh data breach was prevented through IDOR detection and remediation.
XSS in EdTech Platform
Critical stored XSS in student profile modules patched to prevent data exfiltration.
Broken Authentication in SaaS Platform
Privilege escalation vulnerability resolved, protecting over 25,000 enterprise users.
OAuth Token Bypass in Healthcare Portal
Exploiting improper OAuth implementation to access restricted patient data. Full disclosure and fix walkthrough.
SSRF via Image Upload Feature
Leveraging SSRF to access internal metadata endpoints in a cloud-hosted app. Secured and mitigated by HVSec.
CSRF in Online Banking App
Exploiting missing CSRF protections in funds transfer forms. Vulnerability patched before exploitation.
IDOR in Finance API
Critical data exposure via predictable transaction ID enumeration — patched before exploitation.
SQL Injection in E-Commerce Platform
Critical SQLi in product search exposed order and customer data — patched before exploitation.
2FA Bypass in Logistics Platform
Severe 2FA flaw exposed sensitive shipment data — fixed within 24 hours after HVSec audit.
Clickjacking in Job Recruitment Portal
Iframe-based UI trickery allowed user action manipulation — patched before vendor audit.
XXE in Online Tax Filing App
Critical XML parser flaw exposed server files. Fixed before tax season launch.
OAuth Token Bypass in Healthcare Portal
Unvalidated tokens gave unauthorized access to patient records. Fixed with audience & scope checks.