Sample Audit Report
See what you receive when you purchase an audit. This is a redacted example showing the format and depth of our reports.
Security Audit Report
SampleSaaS Application Audit
Client: [Redacted] · Date: January 2026 · Package: Full Audit
Executive Summary
We audited a Next.js SaaS application built primarily with AI coding tools. The application handles user authentication, payment processing, and multi-tenant data storage using Supabase. Our review identified 14 security findings across 4 severity levels.
Findings by severity: 3 Critical, 4 High, 5 Medium, 2 Low.
Findings
FINDING-001: Missing Row Level Security
Description
The user_profiles and subscriptions tables have Row Level Security disabled, allowing any authenticated user to read and modify all rows in these tables.
Location
supabase/migrations/001_initial.sql
Impact
Any authenticated user can view or modify other users' profile data and subscription status, leading to data exposure and potential privilege escalation.
Remediation
Enable RLS on both tables and create policies that restrict access to the authenticated user's own rows using auth.uid().
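One way to apply this remediation in a Supabase migration, as an added example that is not part of the sample report. It assumes both tables carry a user_id uuid column referencing auth.users(id) and that subscription status is written by a billing webhook running under the service role (which bypasses RLS), so end users only need read access to their subscription row.

```sql
-- Added example (not from the sample report): enable RLS on the two
-- tables named in FINDING-001 and scope every operation to the row owner.
-- Assumption: both tables have a user_id uuid column referencing auth.users(id).

alter table public.user_profiles enable row level security;
alter table public.subscriptions enable row level security;

-- Once RLS is on, a table with no policies denies everything to the
-- authenticated role, so add owner-only policies to restore self-access.
create policy "profiles: owner can read"
  on public.user_profiles for select
  to authenticated
  using ((select auth.uid()) = user_id);

create policy "profiles: owner can update"
  on public.user_profiles for update
  to authenticated
  using ((select auth.uid()) = user_id)
  with check ((select auth.uid()) = user_id);

-- Assumption: subscription rows are written by the billing webhook with the
-- service role key, so users get read-only access to their own row and
-- cannot change their own subscription status.
create policy "subscriptions: owner can read"
  on public.subscriptions for select
  to authenticated
  using ((select auth.uid()) = user_id);

-- Verification query for the audit checklist: lists any table in the public
-- schema that still has RLS disabled. Expect no rows after the migration.
select c.relname
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind = 'r'
  and not c.relrowsecurity;
```

Wrapping auth.uid() in a subselect lets Postgres evaluate it once per statement rather than once per row; the verification query can be re-run in CI so a new table added without RLS fails the build.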
FINDING-002: API Key Exposed in Client Bundle
Description
A third-party API key with write permissions is prefixed with NEXT_PUBLIC_ and included in the client-side JavaScript bundle, visible to any user inspecting the page source.
Location
.env.local, src/lib/api-client.ts
Remediation
Move the API call to a server-side API route or Server Action. Remove the NEXT_PUBLIC_ prefix so the key is only available server-side. Rotate the compromised key immediately.
FINDING-003: No Rate Limiting on Auth Endpoints
Description
The login, registration, and password reset endpoints have no rate limiting configured, making them vulnerable to brute-force attacks and credential stuffing.
Remediation
Implement rate limiting using middleware or a library such as @upstash/ratelimit. Apply stricter limits to authentication endpoints (e.g., 5 attempts per minute per IP).
+ 11 more findings in a real report
Including low-severity items and informational recommendations
Remediation Roadmap
Every report includes a prioritised remediation roadmap so you know exactly what to fix first.
Get your own audit report
Every report is tailored to your specific codebase and the AI tools you used to build it. Find out what needs fixing before your users do.