The latest articles on DEV Community by Threat Locator (@threatlocator). https://dev.to/threatlocator https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3861438%2F9a0903e5-7ae5-442a-b621-68279056380d.png https://dev.to/threatlocator en Threat Locator Sat, 04 Apr 2026 19:38:20 +0000 https://dev.to/threatlocator/what-attackers-see-when-they-scan-your-saas-domain-3hci https://dev.to/threatlocator/what-attackers-see-when-they-scan-your-saas-domain-3hci <p>You ship a feature. You move on. An attacker scans your domain that same night.</p> <p>Here is what they find on a typical SaaS:</p> <ul> <li>Postgres on 5432 exposed to the internet. Redis on 6379 same. One firewall rule away from gone.</li> <li>OpenAI keys sitting in your frontend JS bundle. Cursor wrote them there. Nobody noticed.</li> <li>A CNAME pointing to a service you stopped paying for six months ago. Subdomain takeover waiting to happen.</li> <li>Response headers announcing your exact framework and version. Free CVE lookup for anyone paying attention.</li> </ul> <p>I kept finding this stuff manually across projects so I built a scanner to automate it. Still in waitlist but if you want early access: threatlocator.com</p> <p>What is the worst thing you have found exposed on your own infra?</p> cybersecurity security startup devops