An independent security practice for small web products. One short report, every finding verified by hand, the exact fix attached.
Non-intrusive pass — only what a browser already requests.
Hands-on review of the flaws no scanner finds.
Risky defaults and leaked secrets across build and infra.
What your network quietly leaves on the open internet.
ex***ra.me). No proof, no full URLs, no
secrets — we never publish what we haven't first shared with the
owner privately. The list polls every 30 seconds, so when our scanners
produce a new finding it lands here on its own.
Every finding ships with a copy-paste line you can reproduce yourself.
Severity reflects what an attacker gains — not a scanner's guess.
File paths and config, not "consider reviewing". 30-day retest included with the full audit.