Case Studies

Critical Findings, Measurable Outcomes

Representative engagements that illustrate how we find, validate, and help remediate high-impact vulnerabilities. Details are anonymized and illustrative.

Financial Technology
Web & API Penetration Test
Critical Severity

Account Takeover Chain in a Digital Banking Platform

A fast-growing fintech engaged Security Reapers to assess its customer-facing banking platform ahead of a major funding round. Our team chained several individually moderate issues into a full account takeover capable of compromising any customer account.

Key Findings

Broken Object-Level Authorization (IDOR)

Critical

An API endpoint allowed authenticated users to enumerate and modify other customers' profile and contact data by manipulating object identifiers.

Weak Password-Reset Token Generation

High

Password-reset tokens were predictable, enabling an attacker to forge valid reset links for arbitrary accounts.

Missing Re-Authentication on Email Change

High

Critical account changes did not require re-authentication, allowing silent takeover once contact data was modified.

Business Impact

Chained together, these flaws allowed full takeover of any customer account — including access to balances, transaction history, and the ability to initiate fraudulent actions. For a regulated financial platform, this represented direct fraud, regulatory, and reputational exposure.

Remediation Process

We provided a prioritized remediation plan: enforce strict object-level authorization, replace token generation with a cryptographically secure scheme, and require step-up authentication for sensitive changes. Our team supported engineering through implementation and validated every fix.
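The three remediation items above map directly onto code. The following is an added example written for this page, not the client's code or Security Reapers' deliverable: a hypothetical in-memory AccountService that checks object-level authorization against the authenticated principal rather than the identifier in the request, issues password-reset tokens from the operating system's CSPRNG (stored only as a hash, expiring, single-use, compared in constant time), and refuses an email change unless the caller has re-proven their password within a short step-up window. The user store, field names and time windows are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

TOKEN_TTL_SECONDS = 15 * 60        # reset links expire after 15 minutes (assumed policy)
STEP_UP_WINDOW_SECONDS = 5 * 60    # a password proof older than this is stale (assumed policy)


@dataclass
class User:
    user_id: int
    email: str
    last_auth_at: float = 0.0      # when the user last proved their password


@dataclass
class ResetRecord:
    token_hash: str                # SHA-256 of the token; the token itself is never stored
    expires_at: float


class AccountService:
    """Hypothetical in-memory stand-in for the platform's account API."""

    def __init__(self) -> None:
        self.users: Dict[int, User] = {}
        self.reset_tokens: Dict[int, ResetRecord] = {}

    # Finding 1: object-level authorization. The object id arrives from the
    # client; the decision is made against the authenticated principal.
    def get_profile(self, requester_id: int, target_id: int) -> User:
        if requester_id != target_id:
            raise PermissionError("not authorized for this object")
        return self.users[target_id]

    # Finding 2: reset tokens from the OS CSPRNG, stored hashed, expiring,
    # single-use, and compared in constant time.
    def issue_reset_token(self, user_id: int, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)          # 256 bits of entropy, not a timestamp or counter
        self.reset_tokens[user_id] = ResetRecord(
            token_hash=hashlib.sha256(token.encode()).hexdigest(),
            expires_at=now + TOKEN_TTL_SECONDS,
        )
        return token

    def redeem_reset_token(self, user_id: int, token: str,
                           now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        record = self.reset_tokens.get(user_id)
        if record is None or now > record.expires_at:
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        # Constant-time comparison: a mismatch takes the same time wherever it occurs.
        if not hmac.compare_digest(presented, record.token_hash):
            return False
        del self.reset_tokens[user_id]             # a token is valid exactly once
        return True

    # Finding 3: step-up authentication. A contact-data change is refused
    # unless the caller proved their password within the step-up window.
    def record_password_proof(self, user_id: int, now: Optional[float] = None) -> None:
        now = time.time() if now is None else now
        self.users[user_id].last_auth_at = now

    def change_email(self, requester_id: int, target_id: int, new_email: str,
                     now: Optional[float] = None) -> None:
        now = time.time() if now is None else now
        user = self.get_profile(requester_id, target_id)   # object-level check first
        if now - user.last_auth_at > STEP_UP_WINDOW_SECONDS:
            raise PermissionError("re-authentication required")
        user.email = new_email
```

The `now` parameters exist so the expiry and step-up logic can be exercised deterministically; in a real service they would come from the clock. Storing only the hash of the reset token means a read of the token table does not yield usable reset links, and deleting the record on first use closes the replay window that the retest would otherwise have to cover.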

Security Improvements

  • All critical findings remediated within the engagement window
  • Re-architected authorization layer with centralized access checks
  • Successful retest confirmed full closure of the attack chain

B2B SaaS
Cloud Security Assessment
Critical Severity

Cloud Privilege Escalation to Full Tenant Compromise

A multi-tenant SaaS provider asked us to assess the security posture of its AWS environment. Beginning from a low-privileged developer role, our team escalated to full administrative control over the production environment.

Key Findings

Over-Permissive IAM Role

Critical

A developer IAM role had an attached policy permitting iam:PassRole and the creation of new policies, opening a direct privilege-escalation path.

Exposed Secrets in CI/CD

High

Long-lived cloud credentials were stored in pipeline variables accessible to all project members.

Insufficient Tenant Isolation

High

Shared storage buckets lacked per-tenant boundaries, risking cross-tenant data access.

Business Impact

The escalation path allowed an attacker with minimal access to obtain administrative control of the entire AWS environment, exposing all customer data across tenants. This represented an existential risk to the business and its customers.

Remediation Process

We delivered least-privilege IAM redesign recommendations, secrets-management improvements, and tenant-isolation architecture guidance. We collaborated with the platform team on infrastructure-as-code changes and retested the environment.
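The escalation path in this case study is a policy-shape problem: iam:PassRole granted alongside actions that create or attach policies, on any resource, with no condition. The checker below is an added example written for this page (not the client's tooling or Security Reapers' deliverable) that flags that combination in an IAM policy document, and it is shown against two constructed policies: the over-permissive developer role and a least-privilege replacement that scopes PassRole to one role ARN and one service. The account id, role name and bucket name are placeholders; explicit Deny statements and permission boundaries are out of scope for this checker and would need a fuller evaluator.

```python
import fnmatch
from typing import Any, List

# Actions that let a principal grant itself new permissions. Combined with
# iam:PassRole they form the escalation path described in the case study.
POLICY_WRITE_ACTIONS = (
    "iam:CreatePolicy", "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
    "iam:AttachRolePolicy", "iam:PutRolePolicy",
    "iam:AttachUserPolicy", "iam:PutUserPolicy",
)


def _as_list(value: Any) -> list:
    # IAM allows a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]


def allow_statements(policy: dict) -> List[dict]:
    return [s for s in _as_list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]


def statement_grants(stmt: dict, action: str) -> bool:
    """True if any Action pattern in the statement matches `action` (wildcard-aware, case-insensitive)."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(stmt.get("Action", [])))


def find_escalation_risks(policy: dict) -> List[str]:
    """Return human-readable findings; an empty list means no PassRole-based escalation shape was found."""
    stmts = allow_statements(policy)
    passrole_stmts = [s for s in stmts if statement_grants(s, "iam:PassRole")]
    if not passrole_stmts:
        return []
    risks: List[str] = []
    for s in passrole_stmts:
        if "*" in _as_list(s.get("Resource", [])):
            risks.append("iam:PassRole allowed on Resource '*'")
        if not s.get("Condition"):
            risks.append("iam:PassRole without a Condition")
    writes = sorted(a for a in POLICY_WRITE_ACTIONS if any(statement_grants(s, a) for s in stmts))
    if writes:
        risks.append("iam:PassRole combined with " + ", ".join(writes))
    return risks


# Constructed sample: the shape of the over-permissive developer policy.
OVER_PERMISSIVE_DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["iam:PassRole", "iam:CreatePolicy", "iam:AttachRolePolicy", "s3:GetObject"],
        "Resource": "*",
    }],
}

# Constructed sample: least-privilege replacement. Account id, role and bucket
# names are placeholders, not values from the engagement.
LEAST_PRIVILEGE_DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "arn:aws:iam::111111111111:role/app-task-role",
            "Condition": {"StringEquals": {"iam:PassedToService": "ecs-tasks.amazonaws.com"}},
        },
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-dev-bucket/*"},
    ],
}

if __name__ == "__main__":
    for name, doc in (("over-permissive", OVER_PERMISSIVE_DEVELOPER_POLICY),
                      ("least-privilege", LEAST_PRIVILEGE_DEVELOPER_POLICY)):
        print(name, find_escalation_risks(doc) or ["no escalation risk found"])
```

Run as a script it reports three findings for the first policy and none for the second. The same function can be pointed at policy documents exported from an account or rendered from infrastructure-as-code before they are applied, which is where this check belongs in a pipeline.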

Security Improvements

  • Privilege-escalation path eliminated through least-privilege redesign
  • Secrets migrated to a managed secrets-management service
  • Tenant isolation enforced and validated on retest

E-Commerce
External Network & Web Penetration Test
Critical Severity

Remote Code Execution via Vulnerable Deserialization

A high-traffic e-commerce platform engaged Security Reapers for an external assessment. Our team discovered an insecure deserialization flaw on an internet-facing service that led directly to remote code execution.

Key Findings

Insecure Deserialization

Critical

A public endpoint deserialized untrusted user input, enabling arbitrary code execution on the underlying server.

Outdated Dependency with Known CVE

High

A core component ran a version with a publicly known, exploitable vulnerability.

Excessive Server Privileges

Medium

The application process ran with elevated privileges, amplifying the impact of code execution.

Business Impact

Remote code execution on an internet-facing server provided a direct path to the internal network and customer data, including the potential to compromise payment workflows during peak shopping season.

Remediation Process

We provided immediate containment guidance, a patch path for the vulnerable component, and secure-deserialization recommendations. We retested to confirm the RCE was fully resolved and the server hardened.
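What "secure-deserialization recommendations" look like in code, as an added example written for this page rather than the client's service or Security Reapers' deliverable: the hardened handler accepts only JSON, validates each field against an explicit schema, rejects unknown fields and type confusions, and builds a plain data object, so no type reconstruction happens from attacker-controlled bytes. For legacy clients that still send Python pickle, a restricted unpickler that refuses to resolve any class reference is shown as a stop-gap until those clients are migrated. The OrderRequest shape, size limit and sample bodies are constructed for the example.

```python
import datetime
import io
import json
import pickle
from dataclasses import dataclass
from typing import Any, Dict

MAX_BODY_BYTES = 64 * 1024   # assumed limit; bounds memory before any parsing happens


@dataclass(frozen=True)
class OrderRequest:
    sku: str
    quantity: int


# Explicit schema: field -> (expected type, value check). Anything not listed is rejected.
ORDER_SCHEMA = {
    "sku": (str, lambda v: 1 <= len(v) <= 32 and v.isalnum()),
    "quantity": (int, lambda v: 1 <= v <= 100),
}


class InvalidRequest(ValueError):
    pass


def parse_order(body: bytes) -> OrderRequest:
    """Hardened handler: JSON only, validated field by field, no type reconstruction."""
    if len(body) > MAX_BODY_BYTES:
        raise InvalidRequest("body too large")
    try:
        data = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise InvalidRequest("body is not valid JSON") from exc
    if not isinstance(data, dict):
        raise InvalidRequest("expected a JSON object")
    unknown = set(data) - set(ORDER_SCHEMA)
    if unknown:
        raise InvalidRequest(f"unexpected fields: {sorted(unknown)}")
    clean: Dict[str, Any] = {}
    for name, (expected_type, check) in ORDER_SCHEMA.items():
        if name not in data:
            raise InvalidRequest(f"missing field: {name}")
        value = data[name]
        # bool is a subclass of int in Python; refuse it for numeric fields.
        if isinstance(value, bool) or not isinstance(value, expected_type):
            raise InvalidRequest(f"wrong type for {name}")
        if not check(value):
            raise InvalidRequest(f"invalid value for {name}")
        clean[name] = value
    return OrderRequest(**clean)


class NoClassUnpickler(pickle.Unpickler):
    """Stop-gap for legacy pickle clients: plain containers load, any class reference is refused."""

    def find_class(self, module: str, name: str) -> Any:
        raise pickle.UnpicklingError(f"refused class reference {module}.{name}")


def load_legacy_pickle(body: bytes) -> Any:
    if len(body) > MAX_BODY_BYTES:
        raise InvalidRequest("body too large")
    return NoClassUnpickler(io.BytesIO(body)).load()


# Constructed samples (not captured traffic).
SAMPLE_GOOD_JSON = b'{"sku": "SKU42", "quantity": 3}'
SAMPLE_EXTRA_FIELD = b'{"sku": "SKU42", "quantity": 3, "__class__": "anything"}'
SAMPLE_PLAIN_PICKLE = pickle.dumps({"sku": "SKU42", "quantity": 3})
SAMPLE_CLASS_PICKLE = pickle.dumps(datetime.date(2024, 1, 1))  # carries a class reference


def legacy_pickle_rejects_classes() -> bool:
    """True if the restricted unpickler refuses a payload that references a class."""
    try:
        load_legacy_pickle(SAMPLE_CLASS_PICKLE)
    except pickle.UnpicklingError:
        return True
    return False
```

The schema-driven parser is the durable fix; the restricted unpickler only narrows the legacy path and should be retired with the clients that need it. Both functions fail closed, and the size check runs before any parser touches the body.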

Security Improvements

  • RCE remediated and confirmed closed on retest
  • Dependency-management and patching process improved
  • Server privileges reduced following least-privilege guidance

Case studies are illustrative and anonymized to protect client confidentiality. They represent the types of engagements, findings, and outcomes typical of Security Reapers' work.

Ready when you are

Find your critical risks before attackers do.

Partner with offensive security specialists who test the way real adversaries operate. Scope an engagement and get a clear, fixed proposal — with free retesting included.