Category: Security Solutions

Security Audit & Hardening

End-to-end security assessment of a SaaS web application — threat modelling, penetration testing, OWASP Top 10 remediation, and implementation of WAF rules and secure CI/CD pipelines.

Timeline: 4 weeks
Technologies: 5
Key Outcomes: 4
Status: Delivered

The Challenge

What needed to be solved.

A SaaS company preparing for SOC 2 compliance discovered their web application had never undergone a professional security assessment. Internal scans revealed potential vulnerabilities, but they lacked the expertise to prioritize, remediate, and implement ongoing security measures.

The Approach

How I built the solution.

Conducted a comprehensive threat model mapping all attack surfaces, followed by manual penetration testing using Burp Suite and custom scripts. Identified and prioritized 23 vulnerabilities across the OWASP Top 10 categories. Implemented AWS WAF rules, hardened the CI/CD pipeline with SAST/DAST scanning, configured CSP headers, and set up automated dependency vulnerability scanning with GitHub Actions.
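As an added illustration of the CSP-hardening step (example code written for this write-up, not the client's deliverable): a small Python linter that parses a Content-Security-Policy header value and flags the weaknesses a review typically catches, with a weak policy beside a hardened one. Both policies are constructed for the example, and the checks are a practical subset of CSP guidance rather than the full specification.

```python
"""Audit a Content-Security-Policy header for common weaknesses.

Added example for this case study; not the client's code. The two
policies at the bottom are constructed inputs, and the directive
checks are a practical subset of CSP hardening guidance.
"""
from __future__ import annotations

# Directives a hardened policy sets explicitly. object-src, base-uri and
# frame-ancestors do not all fall back to default-src, so leaving them
# out silently widens the policy.
REQUIRED_DIRECTIVES = ("default-src", "object-src", "base-uri", "frame-ancestors")

# Source expressions that make script-src ineffective against XSS.
WEAK_SCRIPT_SOURCES = ("'unsafe-inline'", "'unsafe-eval'", "*", "http:", "https:", "data:")

# Nonce/hash sources; with one present, 'unsafe-inline' is ignored by
# CSP3 browsers and is only a fallback for old ones.
NONCE_OR_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header: str) -> dict[str, list[str]]:
    """Parse a CSP header value into {directive: [source expressions]}."""
    policy: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        name, values = tokens[0].lower(), tokens[1:]
        # A repeated directive is ignored by browsers; keep the first one.
        policy.setdefault(name, values)
    return policy


def audit_csp(header: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing flagged."""
    policy = parse_csp(header)
    findings: list[str] = []

    for directive in REQUIRED_DIRECTIVES:
        if directive not in policy:
            findings.append(f"missing {directive}")

    # script-src falls back to default-src when absent; audit the effective list.
    script_sources = policy.get("script-src", policy.get("default-src", []))
    lowered = [s.lower() for s in script_sources]
    has_nonce_or_hash = any(s.startswith(NONCE_OR_HASH_PREFIXES) for s in lowered)

    for src in lowered:
        if src == "'unsafe-inline'" and has_nonce_or_hash:
            continue  # backwards-compat pattern, neutralised by the nonce/hash
        if src in WEAK_SCRIPT_SOURCES:
            findings.append(f"script-src allows {src}")

    # Plugins are almost never needed; anything but 'none' is a finding.
    if "object-src" in policy and policy["object-src"] != ["'none'"]:
        findings.append("object-src is not 'none'")

    # base-uri other than 'none'/'self' lets injected <base> hijack relative URLs.
    if "base-uri" in policy and policy["base-uri"] not in (["'none'"], ["'self'"]):
        findings.append("base-uri permits arbitrary origins")

    return findings


def is_hardened(header: str) -> bool:
    """True when the audit produces no findings."""
    return not audit_csp(header)


# Constructed sample policies (not from a real deployment).
WEAK_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example.com"
HARDENED_POLICY = (
    "default-src 'self'; script-src 'self' 'nonce-r4nd0m' 'strict-dynamic'; "
    "object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'"
)

if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(f"{label}: {audit_csp(policy) or 'no findings'}")
```

The nonce in the hardened policy must be freshly generated per response and injected into each script tag; a static value, as in the constructed sample, defeats the purpose.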

Technology Stack

Tools chosen with intent.

OWASP
Burp Suite
AWS WAF
GitHub Actions
Terraform

Results

Measurable outcomes delivered.

0 critical or high-severity vulnerabilities post-remediation
23 vulnerabilities identified and resolved
WAF blocking 99.8% of malicious requests
Automated security scanning in CI/CD pipeline

Want to build something like this?

Let's discuss your project and explore how I can help.

Start a Conversation