Skip to tool

MULTI-TENANT RELEASE FIREWALL

SaaS Tenant Isolation Leakage Lab

Find SaaS surfaces where tenant identity can be swapped, cached globally, searched globally, exported publicly or trusted from a mutable worker payload.

Reviewed 2026-07-08

Security
Tenant anchorRLS/service roleCache/search scopeTwo-tenant testsJSON receipt

Loading SaaS Tenant Isolation Leakage Lab...

Why this is different

Many SaaS leaks do not start with exotic exploits. They start with one cache key missing tenant ID, one support export trusting a form field, one worker job trusting payload tenant_id, or one service-role query without an explicit tenant predicate. This lab turns those hidden release risks into a boundary map and two-tenant test plan.