Case Studies
Anonymized findings from real engagements. What we found, how we fixed it, and what happened after.

Fintech | Penetration Testing | Critical
Broken API auth in a payments integration
Broken Object Level Authorization in payments API
Fixed before first enterprise customer onboarded
2 weeks

Dev Tools | Security Audit | Critical
API keys exposed in a developer platform
User API keys accessible via predictable S3 paths without authentication
Rotated and secured before public beta
2 weeks

B2B SaaS | Security Audit | Critical
Tenant data leaking across accounts
Missing tenant isolation in multi-tenant database queries
Full remediation before any breach
3 weeks

E-commerce | Security Audit | High
Cart price manipulation on a DTC brand
Server-side price validation gap allowing cart total manipulation
Patched in 8 days, no fraudulent orders confirmed
2 weeks

Marketplace | Penetration Testing | High
IDOR in a marketplace seller dashboard
Insecure direct object reference exposing seller financials and PII
Patched in 5 days, no evidence of exploitation
2 weeks