SEBI Compliance Audit

1. Adversarial AI Testing

• What We Do: Test AI/ML-driven apps for model poisoning, data leakage, and adversarial inputs (e.g., fooling fraud detection systems).

• Tools: Custom fuzzing frameworks + MITRE ATLAS techniques.

• Outcome: Report on exploitable biases, training data risks, and API integrity gaps.

2. API Attack Chaining

• What We Do: Chain vulnerabilities across REST, GraphQL, and gRPC APIs (e.g., BOLA → JWT spoofing → data exfiltration).

• Methodology: OWASP API Top 10 + proprietary attack trees 510.

• Outcome: End-to-end exploit scenarios with CVSS 4.0 scoring.

3. Serverless/Edge Security Testing

• What We Do: Assess serverless functions (AWS Lambda/Azure Functions) for cold-start exploits, IAM misconfigurations, and event injection.

• Coverage: AWS API Gateway, Cloudflare Workers, and edge-compute setups.

• Outcome: Architecture review + least-privilege IAM templates.

4. Real-Time Virtual Patching

• What We Do: Deploy WAF rules during testing to block critical vulnerabilities (CVE-2025-XXXX) without code changes.

• Tech Stack: AI-driven WAF (like Indusface’s SwyftComply) + manual rule tuning.

• Outcome: Zero-day mitigation SLA (<4 hours) for critical flaws.

5. Compliance-as-Code Integration

• What We Do: Auto-generate audit-ready reports mapped to DPDP Act 2023, CERT-In directives, and PCI DSS 4.0.

• Automation: Terraform scripts for hardening checks + GitLab CI/CD hooks.

• Outcome: Continuous compliance dashboards for CISOs.