Fintech (UK, Series C)
Pentest
API
Eliminating IDOR exposure across a payments API
Discovered a chained IDOR + auth bypass enabling unauthorised wire transfers. Re-architected authorisation layer with our team.
Before
12 critical, 28 high
After
0 critical, 2 medium