Case Studies

Real engagements. Real results.

Sherlock Forensics has completed hundreds of cybersecurity engagements since 2004. These anonymized composite case studies represent typical outcomes from penetration tests (starting at $1,500 CAD), incident response, SOC 2 compliance assessments ($12,000 CAD) and PCI DSS audits ($5,000 CAD). All engagements led by Ryan Purita, CISSP, ISSAP, ISSMP.

Case Study 01

SaaS startup pre-launch AI code audit

Service: Quick Security Audit
Investment: $1,500 CAD
Timeline: 5 business days
Industry: SaaS / Technology

The Challenge

A 3-person SaaS startup had built their entire product using AI coding tools over a 6-week sprint. They were 10 days from their public launch and investor demo. The CTO knew the code worked but had no idea whether it was secure. They had never run a security test of any kind.

Our Approach

We performed a Quick Security Audit covering the production web application, API endpoints and authentication system. Testing combined automated vulnerability scanning with manual expert review. We focused on the OWASP Top 10, authentication logic, API authorization and secrets exposure - the areas where AI-generated code fails most often.

Key Findings

Finding | Severity | Impact
Hardcoded API keys in client-side JavaScript | Critical | Full Stripe API access from browser console
SQL injection in search endpoint | Critical | Complete database extraction
Broken access control (IDOR) | Critical | Any user could access any other user's data
Missing rate limiting on login | High | Unlimited brute-force attempts
Exposed .env file in production | High | Database credentials visible publicly
No CSRF protection on state-changing endpoints | High | Account takeover via crafted links
Reflected XSS in error messages | Medium | Session hijacking
Missing security headers | Low | Clickjacking and content sniffing

Outcome

The development team fixed all 8 vulnerabilities in 3 days using our remediation guidance. They launched on schedule with a clean security posture. The audit report was included in their investor data room and referenced during their seed round due diligence.

"We built the whole thing with Cursor in six weeks. We had no idea our search bar was a direct line to the database. The $1,500 audit saved us from launching with a breach waiting to happen."

- CTO, SaaS startup (name withheld)

Order a Quick Audit - $1,500 CAD

Case Study 02

Law firm incident response after email compromise

Service: Incident Response
Industry: Legal
Breach Duration: 6 weeks of unauthorized access
Containment Time: 4 hours from engagement

The Challenge

A mid-size law firm discovered that a partner's email account had been compromised through a phishing attack. The attacker had maintained access for approximately 6 weeks before the firm's accounting department noticed suspicious wire transfer instructions being sent to clients. The firm needed immediate containment, a forensic investigation to determine the scope of the breach and documentation suitable for their insurance carrier and regulatory obligations.

Our Approach

Ryan Purita led the incident response engagement personally. Within 4 hours of the initial call, we contained the breach by revoking compromised credentials, implementing conditional access policies and preserving forensic evidence from the email platform. Over the following 5 business days, we conducted a full forensic investigation covering email logs, login history, forwarding rules and data exfiltration indicators.

Key Findings

Finding | Detail
Attack vector | Spear-phishing email impersonating a court filing service
Compromised accounts | 3 (1 partner, 2 associates via forwarding rules)
Emails accessed | Approximately 14,000 emails read or forwarded
Fraudulent wire instructions | 4 attempted, 1 successful ($87,000)
Hidden forwarding rules | 7 rules forwarding emails containing keywords like "wire", "retainer", "trust account"
MFA status at time of breach | Not enabled on any account
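The hidden forwarding rules in the table above are as much a detection opportunity as a finding: a rule that forwards mail outside the firm, filters on payment-related keywords, or both, is rarely legitimate. The Python below is an added example and is not part of this engagement or of any mail platform's tooling. It triages a generic inbox-rule export and flags rules matching those patterns; the field names, the examplefirm.test and attacker.example domains and every rule record are constructed, and the "deletes after acting" heuristic is a general one rather than a detail reported in this case.

```python
"""Triage mailbox inbox rules for attacker-style forwarding.

Added example for the case study above; not part of the engagement or any
mail platform's API. Field names are assumptions modelled on a generic
inbox-rule export, and every rule below is constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Keywords reported in the attacker's rules; extend per environment.
FINANCIAL_KEYWORDS = ("wire", "retainer", "trust account")

# Assumption: the firm's own mail domain(s). Anything else is "external".
INTERNAL_DOMAINS = ("examplefirm.test",)


@dataclass
class MailboxRule:
    mailbox: str                       # owner of the rule
    name: str                          # rule name as shown in the mail client
    contains: Tuple[str, ...] = ()     # subject/body keyword conditions
    forward_to: Tuple[str, ...] = ()   # forwarding / redirect targets
    delete_message: bool = False       # rule also deletes the matched message
    enabled: bool = True


def is_external(address: str) -> bool:
    """True when the address domain is not one of the firm's own domains."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def rule_findings(rule: MailboxRule) -> List[str]:
    """Reasons a rule needs analyst review; empty list when nothing looks wrong."""
    reasons: List[str] = []
    if not rule.enabled:
        return reasons
    external = [a for a in rule.forward_to if is_external(a)]
    if external:
        reasons.append("forwards to external address(es): " + ", ".join(external))
    hits = [k for k in rule.contains if k.lower() in FINANCIAL_KEYWORDS]
    if hits:
        reasons.append("filters on financial keywords: " + ", ".join(hits))
    # Deleting after forwarding hides the traffic from the mailbox owner.
    # General heuristic, not a detail reported in the case study.
    if rule.delete_message and (rule.forward_to or hits):
        reasons.append("deletes matched messages after acting on them")
    return reasons


def triage(rules: List[MailboxRule]) -> Dict[str, List[Tuple[str, List[str]]]]:
    """Group flagged rules by mailbox: {mailbox: [(rule name, reasons), ...]}."""
    flagged: Dict[str, List[Tuple[str, List[str]]]] = {}
    for rule in rules:
        reasons = rule_findings(rule)
        if reasons:
            flagged.setdefault(rule.mailbox, []).append((rule.name, reasons))
    return flagged


# Constructed sample export: one benign rule and two attacker-style rules.
SAMPLE_RULES = [
    MailboxRule("partner@examplefirm.test", "Newsletters",
                contains=("newsletter",), forward_to=()),
    MailboxRule("partner@examplefirm.test", ".",
                contains=("wire", "trust account"),
                forward_to=("collect@attacker.example",), delete_message=True),
    MailboxRule("associate1@examplefirm.test", "fwd",
                contains=("retainer",),
                forward_to=("partner@examplefirm.test",)),
]

if __name__ == "__main__":
    for mailbox, hits in triage(SAMPLE_RULES).items():
        for name, reasons in hits:
            print(f"{mailbox}: rule {name!r}")
            for reason in reasons:
                print(f"    - {reason}")
```

The third sample rule forwards only internally but still filters on "retainer", so it is flagged for review rather than ignored; in the case above, the associates' mailboxes were reached through forwarding rules, so internal-only forwards deserve the same scrutiny as external ones.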

Outcome

The breach was contained within 4 hours. Our forensic report documented the full timeline, scope of data exposure and evidence chain. The report was accepted by the firm's cyber insurance carrier and used for their mandatory breach notification under PIPEDA. The firm's insurance covered the $87,000 loss and investigation costs. We subsequently hardened their environment with MFA, conditional access and email security policies.

"When we realized the breach had been active for six weeks, we were terrified. Ryan's team had it contained before the end of the day. The forensic report was exactly what our insurer needed."

- Managing Partner, law firm (name withheld)

Get Incident Response Help

Case Study 03

Manufacturing SOC 2 penetration test

Service: Comprehensive Security Assessment
Investment: $12,000 CAD
Timeline: 18 business days
Industry: Manufacturing / Industrial

The Challenge

A mid-market manufacturer was pursuing SOC 2 Type II certification to retain a major enterprise customer. Their auditor required a penetration test covering both external and internal networks. The company had an office network with 180 devices, a customer-facing web portal and a warehouse management system. They had never undergone a penetration test.

Our Approach

We deployed a comprehensive assessment covering the full external attack surface and the internal network via ShadowTap, our pre-configured device shipped directly to their office. The ShadowTap device connected to our lab over an encrypted tunnel, giving us internal network access without requiring VPN configuration or firewall changes on the client's end. We also ran a phishing simulation campaign targeting 45 employees.

Key Findings

Category | Count | Highlights
Critical | 4 | Domain admin via printer NTLM relay, default creds on warehouse DB, exposed RDP, SQL injection in portal
High | 7 | Unpatched SMBv1, weak WiFi PSK, no network segmentation, missing MFA on VPN
Medium | 8 | LLMNR/NBT-NS poisoning, outdated SSL/TLS, missing security headers
Low / Info | 4 | DNS zone transfer, verbose error messages, unnecessary open ports
Phishing results | - | 38% click rate, 18% credential submission rate (45 employees tested)

Outcome

The client remediated all critical and high findings within 30 days using our prioritized remediation roadmap. We performed a free retest (included with the comprehensive assessment) confirming all fixes. The final report with retest evidence was submitted to their SOC 2 auditor. They passed their SOC 2 Type II audit and retained their enterprise customer.

"The ShadowTap device made internal testing painless. We plugged it in and forgot about it. The report mapped every finding to MITRE ATT&CK, which was exactly what our auditor wanted to see."

- VP of Operations, manufacturing company (name withheld)

Order a Comprehensive Assessment - $12,000 CAD

Case Study 04

E-commerce PCI compliance penetration test

Service: Standard Penetration Test
Investment: $5,000 CAD
Timeline: 12 business days
Industry: E-commerce / Retail

The Challenge

A growing e-commerce company processing over $2M in annual card transactions needed a penetration test to satisfy PCI DSS Requirement 11.3. Their payment processor had flagged them for non-compliance and given a 90-day deadline. The site ran a custom checkout flow on a React frontend with a Node.js API backend.

Our Approach

We performed a standard penetration test covering the entire e-commerce application, checkout flow, customer account system and API. Testing included full OWASP Top 10 assessment, authentication and session management testing, payment flow analysis and business logic testing. We paid special attention to the checkout pipeline, gift card system and customer data endpoints.

Key Findings

Finding | Severity | PCI Impact
Stored XSS on checkout page via product reviews | Critical | Could capture card data from other customers during checkout
Gift card balance manipulation via negative quantities | Critical | Unlimited store credit generation
IDOR on order history endpoint | Critical | Access to any customer's order history including partial card numbers
Price manipulation via API parameter tampering | High | Products purchasable at arbitrary prices
Missing rate limiting on coupon endpoint | High | Brute-force coupon code discovery
6 additional medium and low findings | Med/Low | Security headers, session management, verbose errors
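Two of the findings above, negative gift card quantities and client-supplied prices, share one root cause: the checkout total was computed from values in the request body. The Python below is an added example and is not the client's code; it places that vulnerable pattern beside a hardened version that rejects non-positive or out-of-range quantities and prices every line from the server-side catalog. The catalog, the cart payloads and their field names are constructed assumptions.

```python
"""Server-side validation of checkout line items.

Added example for the case study above; not the client's code. Catalog, cart
payloads and field names are constructed assumptions.
"""
from decimal import Decimal
from typing import Dict, List

# The server's price list is the only trusted source of prices.
CATALOG: Dict[str, Decimal] = {
    "sku-hoodie": Decimal("59.00"),
    "sku-giftcard-50": Decimal("50.00"),
}
MAX_QTY_PER_LINE = 20


class InvalidCart(ValueError):
    """Raised when a cart fails validation; the order must not proceed."""


def total_trusting_client(cart: List[dict]) -> Decimal:
    """Vulnerable pattern: price and quantity are taken from the request body.

    A negative quantity on a gift card line becomes a credit against the order
    (the 'unlimited store credit' finding) and a tampered price is honoured
    as-is (the price manipulation finding).
    """
    return sum((Decimal(str(item["price"])) * item["qty"] for item in cart),
               Decimal("0"))


def cart_errors(cart: List[dict]) -> List[str]:
    """Return every validation failure; an empty list means the cart is sound."""
    errors: List[str] = []
    for index, item in enumerate(cart):
        sku = item.get("sku")
        if sku not in CATALOG:
            errors.append(f"line {index}: unknown sku {sku!r}")
            continue
        qty = item.get("qty")
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(qty, bool) or not isinstance(qty, int):
            errors.append(f"line {index}: quantity must be an integer")
        elif not 1 <= qty <= MAX_QTY_PER_LINE:
            errors.append(f"line {index}: quantity {qty} out of range "
                          f"1..{MAX_QTY_PER_LINE}")
    return errors


def total_validated(cart: List[dict]) -> Decimal:
    """Hardened: reject bad quantities and price every line from the catalog.

    Any 'price' field the client sends is ignored rather than trusted.
    """
    errors = cart_errors(cart)
    if errors:
        raise InvalidCart("; ".join(errors))
    return sum((CATALOG[item["sku"]] * item["qty"] for item in cart),
               Decimal("0"))


# Constructed requests: an honest cart and a tampered one.
HONEST_CART = [
    {"sku": "sku-hoodie", "qty": 2},
    {"sku": "sku-giftcard-50", "qty": 1},
]
TAMPERED_CART = [
    {"sku": "sku-hoodie", "price": 0.01, "qty": 1},         # client-chosen price
    {"sku": "sku-giftcard-50", "price": 50.00, "qty": -3},  # negative quantity
]

if __name__ == "__main__":
    print("tampered cart, trusting the client:", total_trusting_client(TAMPERED_CART))
    print("honest cart, validated:", total_validated(HONEST_CART))
    print("tampered cart, validation errors:", cart_errors(TAMPERED_CART))
```

The same check belongs wherever quantities drive a balance change (refunds, gift card issuance, loyalty credit), not only at the checkout total; and a per-line cap such as MAX_QTY_PER_LINE also blunts bulk abuse that a simple positivity check would allow.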

Outcome

The development team fixed all critical and high findings within 2 weeks. The stored XSS on checkout was particularly dangerous because it could have been used to skim payment card data from other customers in real time, a direct PCI violation. Our report satisfied PCI DSS Requirement 11.3 and was accepted by the payment processor. The company maintained its merchant account and avoided processing suspension.

"The stored XSS on our checkout page could have been used to steal card numbers from our customers in real time. We had no idea it was there. That single finding justified the entire engagement."

- Head of Engineering, e-commerce company (name withheld)

Order a Standard Pentest - $5,000 CAD

Get Started

Ready to secure your organization?

Order a penetration test or security audit online. No calls required. Pricing starts at $1,500 CAD.

Order Online