Security Guides
Deep-dive playbooks, startup fundamentals, enterprise hardening.
SQL Injection in 2026: Why It’s Still in 40% of Indian Web Pentests
SQL injection has been on OWASP Top 10 since 2003. Modern variants — blind, time-based, second-order, NoSQL injection, ORM injection — still…
Active DirectoryActive Directory Threat Modeling: Where Attackers Will Hit First (2026)
Most defensive AD work happens reactively after a pentest. Threat modeling AD means thinking the way attackers do before the pentest. Empirical…
Security GuidesThreat Modeling for Multi-Tenant SaaS: The Isolation Boundary Problem
Multi-tenancy is not a security feature. It is an architectural choice with security consequences. Every B2B SaaS that shares compute, storage, or…
Security GuidesAPI Threat Modeling: From OpenAPI Spec to Attack Surface Map
APIs are where most SaaS breaches happen, and threat modeling is where most SaaS teams stop before reaching APIs. Developers who understand…
Security GuidesThreat Modeling for SaaS: STRIDE Applied to a Real B2B Product
Most B2B SaaS companies we work with have heard of STRIDE. Far fewer have actually threat-modeled a real product feature under production…
DPDP ComplianceIncident Response Runbook: Data Exfiltration Under DPDP (India)
Data exfiltration incidents were difficult enough before the DPDP Act 2023. Now they carry statutory teeth: notification obligations to the Data Protection…
Security GuidesIncident Response Runbook: Credential Compromise & Session Hijack
Credential compromise rarely announces itself. Ransomware comes with a note; credential theft comes with a successful login from an unexpected IP, an…
Security GuidesIncident Response Runbook: Ransomware (Enterprise)
A ransomware incident does not give you time to plan. The first hour sets the trajectory of the next ninety days. Organizations…
Security GuidesKerberoasting in 2026: The Practitioner Playbook
How Kerberoasting still works in 2026, the full attack chain, why defenses fail, and the seven controls that actually stop it. Written…
Security GuidesActive Directory Security Hardening: A Practical Enterprise Guide
Active Directory is the backbone of identity and access management in most enterprise environments — and one of the most frequently targeted…