Budget: 180 EUR Deadline: 5 days
Good day! Pre-launch security audits are our specialty (we run the security practice GuardLabs: monitoring, access-leak detection, hardening). I will break the work down specifically for your stack.
Block 1 — security (key for Supabase):
- RLS — priority #1. I will check EVERY table: whether a user can read other users' rows directly through PostgREST/the REST API, bypassing the interface (a weak policy means the client can read other people's data regardless of what the UI shows). Tests under different roles/accounts.
- Keys: the frontend should contain ONLY the anon key, never service_role. I will check the JS bundle for leaked secrets.
- Auth: registration, email verification, password reset, session lifetime and invalidation, brute force protection.
- XSS / injections / input validation; CORS; CSP / HSTS / X-Frame-Options headers; TLS; rate limiting on sensitive endpoints.
- GDPR: proper deletion of the account and all of its data (no "soft-delete" remnants).
Block 2 — readiness: Lighthouse/PageSpeed with specific causes and fixes; mobile responsiveness + cross-browser compatibility; forms, broken links, 404 pages; basic SEO (meta tags / robots.txt / sitemap); correct analytics setup; backups + availability monitoring.
Result: a structured report (critical / high / medium / low); for each finding: what it is → what it threatens → how to fix it (with an example). Plus a short executive summary with the top risks.
Our experience: we work daily with Supabase/PostgreSQL+RLS, security headers (CSP/HSTS), GDPR deletion, and availability monitoring — this is the practice of GuardLabs. I will show public materials upon request.
To clarify: 1) how many tables are there in Supabase, and how many calculators? 2) how many user roles? 3) which report format is more convenient for you: Markdown, PDF or a table?
Estimate: €180, 4–5 days after I receive access to the test copy and test accounts. If needed, I can separately help fix the critical/high issues after the report.
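The RLS check described in Block 1 (a user reading other users' rows straight through PostgREST, bypassing the UI) is easiest to understand with a concrete policy. The following is an added example for illustration, not code from the proposal above or from GuardLabs: a weak Supabase/PostgreSQL policy beside its corrected form, followed by the way a review simulates a user session in SQL instead of going through the frontend. The table name `profiles`, the column `owner_id` and the two UUIDs are assumed test values; `auth.uid()` is the Supabase helper that reads the `sub` claim from the `request.jwt.claims` setting PostgREST populates, and the `authenticated` role is the one Supabase assigns to logged-in users.

```sql
-- Added example (assumptions: table "profiles", column "owner_id",
-- Supabase's auth.uid() helper and "authenticated" role exist).
create table if not exists profiles (
  id        bigint generated always as identity primary key,
  owner_id  uuid not null,
  email     text not null
);
grant select on profiles to authenticated;

alter table profiles enable row level security;

-- WEAK policy: every logged-in user may read every row.
-- Through PostgREST, GET /rest/v1/profiles then returns all users'
-- data, whatever filter the client-side UI applies.
create policy "weak_read" on profiles
  for select to authenticated
  using (true);

-- CORRECTED policy: a row is visible only to the user who owns it.
drop policy "weak_read" on profiles;
create policy "owner_read" on profiles
  for select to authenticated
  using (auth.uid() = owner_id);

-- Constructed test rows for two different users.
insert into profiles (owner_id, email) values
  ('11111111-1111-1111-1111-111111111111', 'alice@example.com'),
  ('22222222-2222-2222-2222-222222222222', 'bob@example.com');

-- Simulate Alice's session the way PostgREST would present it:
-- switch to the "authenticated" role and set the JWT claims for this
-- transaction only (third argument true = local to the transaction).
begin;
set local role authenticated;
select set_config('request.jwt.claims',
  '{"sub":"11111111-1111-1111-1111-111111111111","role":"authenticated"}',
  true);

-- Under owner_read this query can only return Alice's own row;
-- under weak_read it would also return Bob's, which is the finding
-- the audit reports (repeat with Bob's sub to test the other direction).
select owner_id, email from profiles;
rollback;
```

The same check is repeated for insert, update and delete policies (`with check` clauses on the latter two), and once per role the application defines, since a policy that is correct for `authenticated` says nothing about `anon`.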