Case Study
E-commerce SaaS Platform
Scoped, non-disruptive security testing for a multi-tenant e-commerce platform, designed to complement an existing bug bounty program.
The Challenge
The team needed a clear, defensible view of tenant isolation and infrastructure configuration after rapid growth. Their bug bounty program surfaced point issues, but leadership needed structured evidence they could review and act on with confidence.
- Confirm tenant data boundaries were enforced across apps and APIs
- Validate cloud storage access without disrupting production traffic
- Provide findings with fix guidance that mapped to internal owners
A predictable, fixed-scope engagement
We agreed on a fixed scope and price upfront, with clear rules of engagement so the team knew exactly what would and wouldn't be tested. That kept the work non-disruptive and made review straightforward.
Scope and safeguards agreed
Mapped tenant boundaries, APIs, and cloud assets, plus rate limits, test windows, and on-call contacts before any testing began.
Controlled testing alongside bounty
Executed the plan in scheduled windows with monitoring and no scope creep, complementing the existing bounty program.
No-surprises delivery
Shared evidence-backed findings with owner mapping and retest steps, so remediation and sign-off were predictable.
Findings tied to real attack paths
We modeled how a motivated attacker could chain normal tenant actions into cross-tenant access, then validated those paths with controlled testing. Each issue includes evidence and clear fixes.
Cross-tenant order access via IDOR chain
By combining predictable order identifiers with a permissive lookup, a logged-in user could retrieve another tenant's order data.
Resolution: Tenant scoping enforced on every order lookup, with regression tests added for cross-tenant access.
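To make the fix concrete, here is an added example (not the platform's code) showing a permissive order lookup beside a tenant-scoped one, plus the kind of regression check that keeps the cross-tenant path closed. The order store, tenant names and ids are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Order:
    order_id: int
    tenant_id: str
    total_cents: int


class NotFound(Exception):
    """Raised for missing orders and for orders outside the caller's tenant."""


# Constructed sample data: two tenants, sequential (predictable) order ids.
ORDERS = {
    1001: Order(1001, "tenant-a", 4999),
    1002: Order(1002, "tenant-b", 12500),
}


def lookup_order_unscoped(order_id: int) -> Order:
    """Permissive lookup: trusts the id alone, so a logged-in user of one
    tenant who supplies a neighbouring id receives another tenant's order."""
    try:
        return ORDERS[order_id]
    except KeyError:
        raise NotFound(order_id)


def lookup_order_scoped(session_tenant: str, order_id: int) -> Order:
    """Tenant-scoped lookup: the tenant comes from the authenticated session,
    never from the request, and a foreign order is reported exactly like a
    missing one so the response does not leak whether the id exists."""
    order = ORDERS.get(order_id)
    if order is None or order.tenant_id != session_tenant:
        raise NotFound(order_id)
    return order


def cross_tenant_read_possible(lookup, session_tenant: str, foreign_id: int) -> bool:
    """Regression check: True if `lookup(session_tenant, order_id)` hands the
    caller an order belonging to a different tenant."""
    try:
        order = lookup(session_tenant, foreign_id)
    except NotFound:
        return False
    return order.tenant_id != session_tenant


# Adapter so the unscoped lookup fits the same (tenant, id) signature.
UNSCOPED = lambda tenant, order_id: lookup_order_unscoped(order_id)
```

Run the regression check against every lookup path in CI; the unscoped path reports `True` (cross-tenant read possible) and the scoped one `False`.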
GraphQL schema exposure enabling targeted probing
Production introspection exposed internal fields and deprecated types, making it easier to map hidden paths and craft focused probes.
Resolution: Introspection disabled in production and internal fields removed from the published schema.
Public object access from mis-scoped storage policy
A cloud storage policy allowed unauthenticated reads of customer uploads under specific object paths.
Resolution: Bucket access restricted to signed, tenant-scoped requests and public access blocks enforced.
Outcome: Clear, defensible tenant isolation
The team tightened access controls and validated tenant boundaries with evidence they could use in internal reviews. The structured findings complemented the bounty by covering cross-tenant and infrastructure paths, reducing surprises and clarifying remediation ownership.
"Our bounty program catches point issues. This work gave us a clear, review-ready view of the structural and infrastructure areas the bounty doesn't cover."
— CTO, E-commerce Platform
Safe next step
Walk through your e-commerce scope.
No commitment required.
We can review tenant boundaries, APIs, and storage paths, including AI/MCP integrations when they're in scope, explain how we scope testing, and share a fixed quote if it is useful.