Selected work

Three engagement archetypes. These are composite cases built from real audit patterns. Code samples, attack chains, and remediation steps are drawn from actual work; client names and specific metrics are illustrative.

Helix (anon) Fintech
-91% P1 defects in 8 weeks

Series B fintech. Fixed auth-check ordering IDOR, ledger race under concurrent POST /transfer, 72h reset-token TTL drift.

Orbital (anon) B2B SaaS
340→80ms time to interactive

B2B analytics SaaS. N+1 on nested org relationships, pathological React re-renders, WebSocket fan-out without backpressure.

Toniq (anon) Healthtech
0 critical in SOC2 Type I audit

Healthtech. PHI leakage in error responses, audit-log gaps on failed auth, RBAC scope creep through middleware.


Want the same?

Twenty-minute scoping call. You explain the surface area; I explain whether Spot Audit, Launch-Ready, or Continuous actually fits.