A few months ago, I ran into a problem I couldn't ignore.
I was building software with payments, wallets, settlements and complex workflows. Everything looked fine. The tests passed. The API worked.
But I kept asking myself one question.
What if someone abuses the business logic?
I searched for tools that could answer that. Most of them focused on dependencies, code quality and common security issues. Those are important, but they weren't answering the questions I cared about.
Can someone withdraw before settlement?
Can a payment flow be bypassed?
Can a workflow end up in a state it was never supposed to reach?
I couldn't find what I was looking for, so I started building it.
That project became OSE Auditor.
OSE is built to analyze how an application behaves, not just how the code looks. The goal is simple: help developers catch business logic and workflow issues before they become production incidents.
Today, I'm releasing the first public version. Try OSE Auditor
This is just the beginning. I'll be testing OSE against real projects, sharing the results publicly and improving it with feedback from developers and security researchers.
If you're building fintech, marketplaces, SaaS or Web3 applications, I'd love to hear what you think.