Built to uncover real security issues that most teams overlook.
The Hidden Finds is an application security-focused initiative providing SaaS security, API security testing, and vulnerability assessment for modern web platforms.
It was created with a clear focus: move beyond automated scans and generic reports, and instead uncover vulnerabilities that can be realistically exploited in production environments.
Founded by Ehtesham Ul Haq, an application security consultant, the work is centered around practical, hands-on testing — including penetration testing, API security analysis, and deep assessment of authentication and access control mechanisms.
The approach prioritizes identifying business logic flaws, broken access control, and real attack paths that impact how systems function and how users interact with them.
Rather than focusing on low-impact issues, The Hidden Finds emphasizes depth, clarity, and vulnerabilities that carry real security and business risk.
For a deeper look into the approach and background, see whoami.
The Hidden Finds is an application security-focused initiative providing SaaS security, API security testing, penetration testing, and vulnerability assessment for modern web platforms.
Since 2021, the focus has been on helping SaaS companies, startups, and API-driven platforms identify real vulnerabilities that are often missed in routine security assessments.
Over time, The Hidden Finds has worked with a wide range of clients, delivering application security services and building strong relationships through practical, results-driven testing.
The approach goes beyond automated scans and generic reporting. Each assessment is centered around understanding how a system actually functions — how users interact with it, how APIs behave, and where real attack paths can exist.
This includes deep testing of authentication mechanisms, access control systems, and business logic — areas where critical vulnerabilities such as IDOR, broken access control, and workflow abuse commonly occur.
Rather than focusing on low-impact issues, the priority is identifying vulnerabilities that carry real security and business risk.
The Hidden Finds continues to evolve with modern technologies, cloud-based architectures, and emerging application patterns — ensuring that security testing remains relevant, practical, and aligned with how platforms are built today.
The Hidden Finds focuses on identifying high-impact vulnerabilities in modern applications, APIs, and SaaS platforms — with an emphasis on real-world exploitability and business impact.
Security is not just about finding vulnerabilities — it’s about understanding how they impact real systems and real users.
The Hidden Finds helps businesses identify real security weaknesses across web applications, APIs, and digital assets — so you can operate with confidence and reduce risk.
+1(512) 518-0065
30 N. Gould St., Ste. 7000
Sheridan, Wyoming 82801 United States