Human-Verified SaaS Security Review

Free Security Check. Zero setup.

Free manual SaaS security baseline for lean teams shipping quickly, often with AI help or freelancers, and for products carrying billing logic, API routes, or AI-facing workflows. We verify high-impact auth, billing, tenant-isolation, AI/API, and client-visible data risks on the approved public app or self-signup flow.


No customer credentials

No customer credentials, internal accounts, or staging access required.

No repo access required

No repository or source access is needed for the baseline. Validation is non-destructive and stays inside the approved public scope.

Written authorization first

Testing starts only after written approval on the in-scope assets.

Human-verified findings

AI can assist mapping, but every reported finding is manually reproduced.

What You Get

A report your team can act on the same day.

No scanner dump. No exploit theater. Just verified findings, business context, and the next fix direction.

If no critical or high-impact issue is confirmed in the approved baseline scope, you still receive a short outcome note explaining what was reviewed and that no qualifying finding was verified.

Report anatomy

01

Verified findings summary

What was confirmed, what was not, and what deserves attention first.

02

Affected surface

The route, account state, product flow, or exposed client surface involved.

03

Business impact

Why it matters for spend, trust, customer data, or revenue control.

04

Immediate fix direction

The first backend control or exposure reduction to prioritize.

Who This Is For

Built fast? Added more than one surface? That is usually where the risk starts.

SilentProof is built for solo founders, indie hackers, and lean SaaS teams shipping quickly. Especially products assembled with AI help, contractors, extensions, MCP tools, or extra AI-facing channels that never got a real security review.

A central SaaS app connected to extension, MCP, AI, and billing surfaces with one weak edge exposed.

Founders We Help

  • Solo founders and indie hackers shipping quickly
  • SaaS products assembled with AI help, freelancers, or agencies
  • Lean teams without a dedicated security review
  • Products already live or close to launch

Where Gaps Usually Show Up

  • Core web app plus a Chrome extension
  • MCP tools exposing actions or data to AI agents
  • AI copilots, chat flows, and automation layers
  • Extra auth, billing, or tenant paths added after launch

Why this matters

A product can feel solid in the main app and still leak through the surfaces wrapped around it: extensions, MCP servers, agent workflows, APIs, webhooks, admin tools, background jobs, and third-party integrations. Every added surface is another place where one weak edge can expose the product.

Request First

Start with the real request form.

A company contact starts here. We verify the requester, confirm the in-scope domain, and only then send the authorization step that can start the manual review.

Work email verification before authorization

Written approval tied to the company domain

Manual review starts only after approval

Who Can Request This

Founder, CTO, security lead, or legal contact

A company-domain contact who can define scope

Agency or contractor requests only with extra confirmation

If the requester cannot be clearly tied to the company or the domain, the request pauses until the company confirms it.

Security Review Request

We use this data to verify the requester, prepare the authorization step, and protect the intake flow. See the Privacy Notice and Authorization Preview.

Sample Reports

Human-verified SaaS reviews. Real proof.

Human-verified security reviews for fast-shipped SaaS products. AI helps map endpoint families and test hypotheses; every finding shown here is manually reproduced before it becomes a report.

Free Check: 3 findings, 1,432 words

ClipForge Studio

Free Check sample report

3 verified findings. Concrete proof report.

A focused proof note with fictionalized but concrete route excerpts for auth, billing, and AI/API abuse.

Deep Review: 8 findings + chains, 9,705 words

ClipForge Studio

Deep Review sample report

8 findings, concrete paths, chains, and retest plan.

A full engineering handover with sanitized path-level evidence, attack chains, root causes, fix steps, endpoint maps, and retest gates.

The Workflow

Request. Verify. Authorize. Review.

This is not an instant automated scan. It is a controlled intake flow that hands a verified, authorized request to our manual review process with far less friction than a traditional pentest.


Submit The Request

A company contact starts with a short request form using a work email, company name, and in-scope domain. No account system is required at this stage.

Verify Company Relationship

We verify the work email and the relationship to the company domain. If authority is unclear, the request pauses until additional proof is provided.

Collect Written Authorization

The requester accepts the Authorization & Rules of Engagement on the exact in-scope assets. Active testing does not start before this step is complete.

Manual Baseline Review

Our team starts the baseline review manually. We inspect the public app and any accounts we can lawfully self-create, staying inside the approved scope.

Report Delivery

After authorization, we confirm timing by email. You receive either verified critical/high findings through a private magic link or a short no-qualifying-finding outcome note. The $799 Deep Review is an optional second pass on the same scope.

Redacted Patterns

The Evidence Room

Six founder-readable issue classes, written as business risk instead of exploit theater.

01

Public AI route

A stranger can use your AI spend

A model-backed helper responds before the user has a verified session or plan state.

Business risk

Anonymous cost burn and abuse traffic.

Safe proof

Public request, redacted output.

02

Workspace ownership

One user can write into another user's workspace

The backend validates that an object exists, but not that the caller owns it.

Business risk

Tenant integrity failure and trust damage.

Safe proof

Two SilentProof-created accounts.

03

Plans and billing

Free or unpaid users can bypass limits or billing

The UI shows a limit, while direct requests can still create, export, or activate more than intended.

Business risk

Revenue leakage and premium feature abuse.

Safe proof

Self-created account, safe over-limit check.
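The three backend checks behind cards 01 to 03 (a verified session before a spend-bearing action, ownership rather than mere existence of the target object, and a plan limit enforced by the server) usually live on the same write route. The following is an added example written for this page, not SilentProof's code or any customer's: a Node-style route handler over constructed in-memory data, with the weak shape beside the hardened one. The store layout, the `workspaces`/`exports` names, and the plan table are assumptions. It reproduces the two-account check the card describes: one self-created account tries to write into the other's workspace, and the free-plan account tries to exceed its limit.

```javascript
// Added example (not the page's code). Cards 01-03 of the Evidence Room:
// session before action, ownership in the lookup, plan limit on the server.
// Everything below is constructed in-memory; names are hypothetical.

const PLAN_LIMITS = { free: 3, pro: 100 }; // max exports per workspace (assumed)

// Two self-created accounts and their workspaces, as a reviewer would set up.
function makeStore() {
  return {
    users: {
      u_alice: { id: "u_alice", plan: "free" },
      u_bob: { id: "u_bob", plan: "pro" },
    },
    workspaces: {
      ws_a: { id: "ws_a", ownerId: "u_alice" },
      ws_b: { id: "ws_b", ownerId: "u_bob" },
    },
    exports: [], // { workspaceId, createdBy }
  };
}

// Weak shape: confirms the workspace exists, never who owns it, and trusts
// the client to have respected the limit the UI displayed.
function createExportInsecure(store, req) {
  const ws = store.workspaces[req.body.workspaceId];
  if (!ws) return { status: 404 };
  store.exports.push({ workspaceId: ws.id, createdBy: req.session?.userId ?? "anonymous" });
  return { status: 201 };
}

// Hardened shape.
function createExport(store, req) {
  // 01: a verified session must exist before any model- or spend-bearing action.
  const userId = req.session?.userId;
  const user = userId ? store.users[userId] : undefined;
  if (!user) return { status: 401, error: "authentication required" };

  // 02: ownership is part of the lookup. A workspace the caller does not own
  // is answered exactly like one that does not exist, so IDs cannot be probed.
  const ws = store.workspaces[req.body.workspaceId];
  if (!ws || ws.ownerId !== user.id) return { status: 404, error: "not found" };

  // 03: plan state is read and enforced on the server within the same request.
  const limit = PLAN_LIMITS[user.plan] ?? 0;
  const used = store.exports.filter((e) => e.workspaceId === ws.id).length;
  if (used >= limit) return { status: 402, error: `plan limit ${limit} reached` };

  store.exports.push({ workspaceId: ws.id, createdBy: user.id });
  return { status: 201 };
}

// The reviewer's scenario: Bob writes into Alice's workspace, an anonymous
// caller hits the route, and Alice makes four exports against a limit of 3.
function runScenario() {
  const insecure = makeStore();
  const secure = makeStore();
  const bobWritesToAlice = { session: { userId: "u_bob" }, body: { workspaceId: "ws_a" } };
  const anonymous = { body: { workspaceId: "ws_a" } };
  const aliceExport = { session: { userId: "u_alice" }, body: { workspaceId: "ws_a" } };

  return {
    insecureCrossTenant: createExportInsecure(insecure, bobWritesToAlice).status, // 201
    insecureAnonymous: createExportInsecure(insecure, anonymous).status,          // 201
    secureCrossTenant: createExport(secure, bobWritesToAlice).status,             // 404
    secureAnonymous: createExport(secure, anonymous).status,                      // 401
    secureOverLimit: [1, 2, 3, 4].map(() => createExport(secure, aliceExport).status), // 201,201,201,402
  };
}

console.log(JSON.stringify(runScenario(), null, 2));
```

The 404 on a foreign workspace is deliberate: returning 403 would confirm that the guessed ID exists, which turns an authorization bug into an enumeration aid even after the write is blocked.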

04

Public data exposure

Public pages can leak customer data or contact details

A public route exposes more fields than the page needs, including customer contact or internal metadata.

Business risk

Privacy exposure, sales trust damage, and support escalation.

Safe proof

Client-visible responses, redacted fields.
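Card 04 is almost always the same root cause: a public route serializes a whole database row, so every column added later ships to the browser. Below is an added example written for this page, not SilentProof's or any customer's code: a constructed profile row, the weak serializer beside an allowlist projection, and the check a reviewer runs on a client-visible response, which lists the fields present in the JSON that the page does not render. The row shape, field names, and the `members[]` team response are all assumptions; the checker handles nested objects and arrays so it also works on list endpoints.

```javascript
// Added example (not the page's code). Card 04: public routes that return
// more fields than the page needs. Row and response shapes are constructed.

// Fields the public profile page actually renders (assumed).
const PUBLIC_PROFILE_FIELDS = ["id", "displayName", "avatarUrl", "bio"];

// Constructed database row behind a public profile page.
const CUSTOMER_ROW = {
  id: "cust_1001",
  displayName: "Acme Studio",
  avatarUrl: "https://cdn.example.invalid/acme.png",
  bio: "Video tooling for small teams",
  email: "owner@acme.example",                 // contact data the page never shows
  phone: "+49 30 0000000",
  internalNotes: "Churn risk, discount applied", // internal metadata
  billingCustomerId: "cus_XXXXXXXX",
};

// Weak shape: the row is serialized as-is.
function publicProfileInsecure(row) {
  return { ...row };
}

// Hardened shape: the response is built from an allowlist, so a column added
// to the table later is not exposed by default.
function publicProfile(row) {
  const out = {};
  for (const field of PUBLIC_PROFILE_FIELDS) if (field in row) out[field] = row[field];
  return out;
}

// Flatten a JSON value into dotted paths; array items share the path "name[]".
function flattenKeys(value, prefix = "", out = []) {
  if (Array.isArray(value)) {
    for (const item of value) flattenKeys(item, `${prefix}[]`, out);
  } else if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      flattenKeys(child, prefix ? `${prefix}.${key}` : key, out);
    }
  } else {
    out.push(prefix);
  }
  return out;
}

// Reviewer check: paths in a client-visible response that the page does not render.
function overExposedFields(response, renderedFields) {
  const allowed = new Set(renderedFields);
  return [...new Set(flattenKeys(response))].filter((path) => !allowed.has(path)).sort();
}

// Constructed list endpoint: a public "team" page that renders only names.
const TEAM_PAGE_RESPONSE = {
  team: "Acme Studio",
  members: [
    { displayName: "Ana", email: "ana@acme.example" },
    { displayName: "Ben", email: "ben@acme.example" },
  ],
};

function runScenario() {
  return {
    insecureLeaks: overExposedFields(publicProfileInsecure(CUSTOMER_ROW), PUBLIC_PROFILE_FIELDS),
    hardenedLeaks: overExposedFields(publicProfile(CUSTOMER_ROW), PUBLIC_PROFILE_FIELDS),
    teamLeaks: overExposedFields(TEAM_PAGE_RESPONSE, ["team", "members[].displayName"]),
  };
}

console.log(JSON.stringify(runScenario(), null, 2));
```

In a real review the input to `overExposedFields` is the captured response body of the public route and the field list comes from what the page actually displays; anything in the output is reported with the sensitive values redacted, as the card's safe-proof line says.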

05

Tokens and magic links

A signed link or token can become real account access

A token meant for one narrow action is accepted in a wider context or remains useful longer than intended.

Business risk

Account access or durable unauthorized sharing.

Safe proof

Minimal token lifecycle check.

06

Client-visible config

A public key or client token can expose live backend data

A publishable key or client token is only as safe as the server-side rules behind it. If those rules are missing or too broad, the "public" key is effectively a backend credential shipped to every browser.

Business risk

Data leakage, storage abuse, or unexpected writes.

Safe proof

Effective permissions, no secret publication.

Honest routing. Transparent scope.

We report only what can be safely verified inside the approved scope. Public app paths and lawfully self-created accounts are in bounds; customer credentials, internal access, and repo access are not required for the baseline.

Precision Scope

Approved public surfaces only. This works best when public signup, trial access, or another testable public flow exists.


In Scope

  • Public web app endpoints, extension flows, and AI-facing routes
  • Self-signup, magic-link, and onboarding flows
  • Tenant isolation and access control on self-created accounts
  • Public and client-visible data exposure

Out of Scope

  • No active probing prior to approval
  • No DoS, DDoS, or load testing
  • No social engineering, phishing, or vishing
  • No destruction of data or service disruption

Who Reviews

Reviews are performed by Nils Solutions GmbH, Berlin, with a focus on auth, tenant isolation, billing controls, AI and API exposure, and client-visible data leaks.

Standards Mapping

This is not a compliance audit, but findings can be mapped where useful to OWASP API Security, OWASP ASVS, and OWASP GenAI or LLM risk categories.

Pricing

Start with the baseline. Go deeper only if needed.

Verified critical and high findings from the baseline are not withheld behind the Deep Review.

Free Baseline is usually delivered within 48 hours after written authorization and successful access to the approved public flow. Business days only.

Deep Review is usually delivered within 72 hours after confirmation, unless scope complexity or customer access delays require a different timeline.

Free Baseline

$0

The first pass after request verification and written authorization, usually delivered within 48 hours after successful access to the approved public flow. Business days only.

Included in Free Baseline
  • Work-email verification and authorization record
  • Manual baseline review by our team
  • Verified critical/high findings summary
  • Magic-link report delivery
Not included in Free Baseline
  • Broader second-pass coverage
  • Full technical report and retest
  • Hands-on remediation work
  • Repo or code-access work
Second Pass

Deep Review

$799 flat

A broader second pass on the same authorized app after the free baseline is complete, usually delivered within 72 hours after confirmation unless scope complexity or customer access delays require a different timeline.

  • Everything in Free Baseline
  • Broader authenticated coverage where self-signup allows
  • More depth on auth, access-control, and business-logic paths
  • Full technical evaluation report (PDF)
  • Prioritized remediation guidance specific to your stack
  • One complimentary retest map to verify fixes

Remediation

Custom

Optional hands-on help once the company decides it wants implementation support.

  • Separate authorization for repo or code access
  • Remediation planning and prioritized fixes
  • Hands-on code changes only after explicit approval
  • Retest coordination after fixes land
  • Separate commercial scope from the baseline review

Common Questions

Clarity on scope, legality, and safety.

Do I need to create an account first?
No. The landing flow starts with a request form, not a password account. If a report is delivered later, access can happen through a magic link.
Why do you verify the work email?
Because a request alone is not enough. We need to tie the requester to the company before sending the authorization step that can start a review.
Does a verified work email automatically prove authority?
Not always. It is the first signal, not the final one. If authority is unclear, we can require a second confirmation step before the engagement begins.
Do you start testing before approval?
No. Request submission does not begin testing. Active review starts only after written authorization on the defined in-scope assets.
Do you need access or credentials from us?
No. We do not ask for credentials, API keys, source code, or staging access for the baseline flow. We review the public app and accounts we can lawfully self-create.
What if the request comes from a contractor or agency?
We do not rely on the request alone. If the requester is not clearly acting from the company domain with authority, the review pauses until the company itself confirms scope and authorization.
What happens if our sign-up is closed?
The baseline works best when public signup, trial access, or another lawful self-created path exists. If signup is closed, we limit the review to the public unauthenticated surface unless a separate authorization path is agreed.
Do you only review the main web app?
No. If the approved product surface also includes a Chrome extension, MCP tool, or AI-facing flow that is publicly reachable, those paths are part of what we review.
How is the report delivered?
The baseline result is meant to be delivered through a private magic link rather than a standing customer login. That keeps the first version low-friction.
How long does delivery take?
After written authorization, the Free Baseline is usually delivered within 48 hours after successful access to the approved public flow. Business days only. If the company chooses the $799 Deep Review on the same scope, it is usually delivered within 72 hours after confirmation unless scope complexity or customer access delays require a different timeline.
If you find a critical bug, do you withhold it for $799?
No. Verified critical or high-risk issues from the baseline are shown in the free result. The $799 Deep Review is a second pass, not a paywall for the same bug.
What if no critical or high issue is confirmed?
You still receive a short outcome note explaining what was reviewed in the approved baseline scope and that no qualifying finding was verified.
What exactly is the Deep Review?
A broader follow-up on the same authorized scope. It adds depth, fuller reporting, remediation notes, and a retest after the free baseline is complete.
Is this a fully automated scanner?
No. The baseline is not scanner-generated. AI can help cluster routes and test hypotheses, but every reported finding is manually reproduced by our team.
Who performs the review?
Reviews are performed by Nils Solutions GmbH, Berlin, with a focus on practical SaaS risk across auth, tenant isolation, billing controls, AI or API exposure, and client-visible data leaks.
Do findings map to standards?
Where useful, findings can be mapped to OWASP API Security, OWASP ASVS, and OWASP GenAI or LLM risk categories. The baseline is not a compliance audit.

Start with the request. Authorize only when ready.