Loading SaaS Tenant Isolation Leakage Lab...
MULTI-TENANT RELEASE FIREWALL
SaaS Tenant Isolation Leakage Lab
Find SaaS surfaces where tenant identity can be swapped, cached globally, searched globally, exported publicly or trusted from a mutable worker payload.
Reviewed 2026-07-08
SecurityTenant anchorRLS/service roleCache/search scopeTwo-tenant testsJSON receipt
Why this is different
Many SaaS leaks do not start with exotic exploits. They start with one cache key missing tenant ID, one support export trusting a form field, one worker job trusting payload tenant_id, or one service-role query without an explicit tenant predicate. This lab turns those hidden release risks into a boundary map and two-tenant test plan.