auth()
rls
api
rolepolicy
row
jwt
keybucket
rpc
scan
logroute
hook
id
paytoken
edge
user
file
SaaS security quiz
Is your AI-built SaaSquietly exposed?
Answer 5 quick questions and get the free GhostCode Audit Checklist - a founder-friendly security checklist to fix the most common issues before attackers find them.
Takes 60 seconds. No code access required. No fake pentest claims.
ghostcode://audit-checklist
The GhostCode Audit Checklist
Supabase / Database
Review RLS, policies, RPC permissions, service role handling, and row ownership.
Auth & Sessions
Verify protected routes, admin checks, reset flows, callbacks, and role changes.
APIs & Endpoints
List public endpoints, test direct calls, check authorization, rate limits, and ID access.