Security Guides

Threat Modeling for Multi-Tenant SaaS: The Isolation Boundary Problem

April 20, 2026

Multi-tenancy is not a security feature. It is an architectural choice with security consequences. Every B2B SaaS that shares compute, storage, or a code path between customers is making a set of isolation promises, explicitly or implicitly. The promises are rarely written down. When isolation fails, the failure is usually cross-tenant data exposure, and it […]


API Threat Modeling: From OpenAPI Spec to Attack Surface Map

APIs are where most SaaS breaches happen, and threat modeling is where most SaaS teams stop before reaching APIs. Developers who understand STRIDE at the architecture level often stall when asked to threat-model a specific API endpoint. The reason is not conceptual; it is operational. An OpenAPI specification contains hundreds of endpoints, thousands of parameters, […]


Threat Modeling for SaaS: STRIDE Applied to a Real B2B Product

Most B2B SaaS companies we work with have heard of STRIDE. Far fewer have actually threat-modeled a real product feature under production load, with real engineers, producing real backlog items. The gap is not a lack of method. STRIDE is simple. The gap is that teams read the framework, draw a data flow diagram, enumerate […]


Incident Response Runbook: Data Exfiltration Under DPDP (India)

Data exfiltration incidents were difficult enough before the DPDP Act 2023. Now they carry statutory teeth: notification obligations to the Data Protection Board and to affected data principals, penalties that can reach 250 crore rupees for failure to implement reasonable security safeguards, and an evolving interpretation that will be shaped by the Board’s early enforcement […]


Incident Response Runbook: Credential Compromise & Session Hijack

Credential compromise rarely announces itself. Ransomware comes with a note; credential theft comes with a successful login from an unexpected IP, an invoice approved by someone who was asleep, or a customer calling to ask why you sent them a strange email. Session hijack is even quieter: the adversary does not need the password because […]


Incident Response Runbook: Ransomware (Enterprise)

A ransomware incident does not give you time to plan. The first hour sets the trajectory of the next ninety days. Organizations that respond badly in hour one end up negotiating with threat actors from a position of desperation; organizations that respond well contain the blast radius, preserve forensic evidence, and restore operations without paying. […]


Active Directory Security Hardening: A Practical Enterprise Guide

April 18, 2026

Active Directory is the backbone of identity and access management in most enterprise environments — and one of the most frequently targeted systems in cyberattacks. Compromising AD means compromising everything: every user account, every server, every resource on the network. This guide covers the most critical AD hardening steps based on real-world enterprise experience managing […]


5 Critical Security Mistakes Startups Make (And How to Fix Them)

Most startup breaches do not happen because attackers are sophisticated. They happen because the basics were skipped. After working in enterprise security environments protecting 4,000+ users and 5,000+ managed endpoints, I see the same five mistakes repeated across organisations of every size — and they are all preventable. If you are building a product, raising […]
