I'll find out what's exposed before someone else does. Free — full report, fix recommendations included.
Get Your AuditMost Supabase apps ship with broken RLS, exposed service keys, or auth configs that let users access data they shouldn't.
I've seen it in over 60 companies—including YC startups that thought they were secure.
Common finding:
SELECT * FROM users — returns every user in the database because RLS is disabled or policies are misconfigured.
For free, I'll test your Supabase setup and send you a detailed report covering:
Row Level Security policies
The #1 problem area — I'll check every table and policy
Auth and session handling
JWT validation, session management, auth flows
API and key exposure
Service keys in client code, exposed endpoints
Storage bucket permissions
Public vs private access, upload restrictions
Edge function security
Input validation, auth checks, secret handling
You'll get severity ratings for each finding and clear recommendations on how to fix them.
Once you've made the fixes, I'll verify them for free—just hit me up within 30 days.
I'm MinnySec, CWES certified.
I've helped 60+ companies lock down their Supabase instances and responsibly disclosed vulnerabilities to startups who had no idea they were exposed.
I put out free Supabase security content on YouTube—but if you want someone to actually test your app, that's what this is for.
Fill out the form below and you'll receive your security report within 3-5 days.