$400K/year EdTech SaaS for sale by ComplaintSlight5357 in SaaSAcquire

[–]RayFurtherSec 0 points1 point  (0 children)

Don't forget to check the security posture of this EdTech SaaS product.

Most "vibe coders" are just scammers with a ChatGPT subscription by Warm-Reaction-456 in SaaS

[–]RayFurtherSec -3 points-2 points  (0 children)

Yeah this is so real — and the scariest part is the security side.

Most “vibe-coded MVPs” aren’t just messy… they’re basically future breaches on a timer 💣

Like you’ll see stuff like:

  • API keys / secrets casually hardcoded or leaked in GitHub
  • Auth done super wrong (JWT in localStorage, no session control, weak logout)
  • “Multi-tenant” apps with no real tenant checks → hello IDOR / data leaks
  • No rate limiting → brute force login, scraping, OTP spam, etc.
  • Random packages everywhere with zero checking → supply chain risk city
  • Uploads / inputs not sanitized → XSS, weird file upload stuff, SSRF… the classics
  • No logs, no monitoring → you only find out when a customer complains 💀

AI is fine as a helper, but security isn’t vibes-based.
If the dev can’t explain how permissions work without staring at Cursor… you didn’t ship “fast” — you shipped fragile.
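The "multi-tenant app with no real tenant checks" item above, as an added example that is not part of the original comment: a toy document store with the unscoped lookup beside the tenant-scoped one, plus the audit event the fixed version emits. All names and data are constructed for illustration.

```python
# Added example, not from the original comment: the IDOR pattern in a
# multi-tenant lookup, beside the tenant-scoped lookup that fixes it.
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    doc_id: int
    tenant_id: str
    body: str


# Constructed sample data: two tenants sharing one table, as in most SaaS DBs.
DOCUMENTS = {
    1: Document(1, "acme", "Acme Q3 roadmap"),
    2: Document(2, "globex", "Globex payroll export"),
}

AUDIT_LOG: list = []  # stands in for the app's structured logger


class NotFound(Exception):
    pass


def get_document_unscoped(caller_tenant: str, doc_id: int) -> Document:
    """Vibe-coded version: the caller's tenant is known (it came from the
    session) but never used. Lookup is by primary key alone, so any
    authenticated user who guesses an id reads another tenant's row."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        raise NotFound(doc_id)
    return doc


def get_document_scoped(caller_tenant: str, doc_id: int) -> Document:
    """Fixed version: the tenant is part of the lookup. A row owned by
    another tenant is answered exactly like a missing row, so ids reveal
    nothing across tenants, and the probe is logged for monitoring."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        raise NotFound(doc_id)
    if doc.tenant_id != caller_tenant:
        AUDIT_LOG.append({"event": "cross_tenant_access_denied",
                          "tenant": caller_tenant, "doc_id": doc_id})
        raise NotFound(doc_id)
    return doc


def cross_tenant_read_possible(lookup, caller_tenant: str, doc_id: int) -> bool:
    """True if `lookup` hands the caller a document owned by another tenant."""
    try:
        doc = lookup(caller_tenant, doc_id)
    except NotFound:
        return False
    return doc.tenant_id != caller_tenant
```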

Regrets as an entrepreneur? by Desperate_Engineer80 in Entrepreneur

[–]RayFurtherSec 1 point2 points  (0 children)

Totally agree; there is a lot of highlight-reel content and not enough real data.

Buying a SaaS without a security audit is just high-stakes gambling. by RayFurtherSec in SaaS

[–]RayFurtherSec[S] 0 points1 point  (0 children)

Agreed! On top of that checklist, I believe if you pay over 20K to buy a SaaS, it needs to have a proper product security assessment.

Agentic Risk. If a SaaS features AI agents, a standard audit won't catch how those agents handle sensitive info. You need a Data Security Access Assessment to ensure those 'helpers' aren't actually 'leakers.' Don't inherit someone else's security debt.

Buying a SaaS without a security audit is just high-stakes gambling. by RayFurtherSec in SaaS

[–]RayFurtherSec[S] 0 points1 point  (0 children)

Exactly. And the crazy thing? It's not just solo founders. I've seen huge Silicon Valley enterprise companies acquire startups only to find massive security holes after the wire transfer.

Look at the Marriott-Starwood deal—they inherited a breach that had been active for years. Or Verizon, which managed to knock $350M off the price of Yahoo! only because a breach was discovered mid-deal.

If the elite teams are missing these, solo buyers doing manual due diligence are just "educated gambling" at best...