SaaS Platform · 2026.01

Sample Engagement: SaaS Platform Security Assessment

Full-stack security assessment of a multi-tenant SaaS platform preparing for SOC 2 Type II.

Scope

4-week assessment

Stack

AWS, Node.js, React

Outcome

14 findings triaged; 3 critical issues remediated pre-audit.

Context

A mid-stage SaaS company engaged Zero Day Research ahead of their SOC 2 Type II audit. They needed an independent assessment of their multi-tenant platform, with findings mapped to CC-series controls and prioritized by exploitability.

Approach

• Threat modeling workshop with technical leadership
• Authenticated and unauthenticated testing against web + API surfaces
• Cloud configuration review (IAM, networking, logging)
• Targeted review of tenant-isolation boundaries

Outcomes

• 14 findings delivered in a single report with executive summary
• 3 critical issues identified and remediated prior to audit fieldwork
• Remediation verification re-test included in engagement
• Follow-on retainer established for quarterly research capacity

Replace this file with real engagements. Redact client names where required.

← All Engagements