Recent engagements.

Senior practitioner-led security and compliance work for companies that handle real risk. Below are anonymised summaries — methodology, scope, and outcomes — for prospective clients evaluating fit.

Engagement specifics, vulnerability details, and client identities are protected under NDA. What you see below is the shape of the work — what we tested, how we tested it, and what changed afterwards.

Senior practitioners only Signed NDA + Rules of Engagement Retest included No account-manager layer
01 · Web Application Audit-ready

Web Application Security Assessment

Leading Indian Fintech

Comprehensive OWASP / PTES-aligned assessment of a consumer-facing lending and credit-marketplace platform serving millions of users. Covered authenticated and unauthenticated surfaces, KYC and document upload pipelines, payment integration boundaries, and admin interfaces.

BFSI / Fintech 4–6 weeks
Methodology
  • OWASP Top 10
  • OWASP ASVS L2
  • PTES
  • Burp Suite Pro
  • Manual + automated
100%Critical & High remediated
AuditPassed in next cycle
IDOR classEliminated platform-wide
Read the case study
02 · Mobile + API MASVS Level 2

Mobile App + API Security Review

Indian Fintech (BFSI)

MASVS-aligned review of an Android + iOS consumer fintech application together with the REST API powering it. Static and dynamic analysis with Frida, Objection, Burp Suite, and platform-native tooling. Hardened the client-server boundary end-to-end.

BFSI / Fintech 3–4 weeks
Methodology
  • OWASP MASVS L2
  • OWASP MSTG
  • API Top 10
  • Frida + Objection
  • Static + Dynamic
KeystoreAll sensitive data migrated
PinningRebuilt + verifiable
QuarterlyReview cadence established
Read the case study
03 · DPDP Compliance DPDP-aligned

DPDP Act Readiness Assessment

Indian Fintech

End-to-end Digital Personal Data Protection Act 2023 readiness assessment for a large multi-product fintech. Personal data inventory across consumer products, internal CRM, and downstream partner integrations. Clause-by-clause gap analysis with a 90/180/365-day remediation roadmap.

BFSI / Fintech 6–8 weeks
Methodology
  • DPDP Act 2023
  • ISO/IEC 27701
  • GDPR alignment
  • Interview + sample trace
  • Vendor due diligence
90 daysVendor contracts re-papered
AutomatedRetention + deletion
OfficerDPDP grievance designate
Read the case study