About Vezraa

Vezraa is a security scanner built for the vibe coding era — for apps created with Cursor, Lovable, Bolt.new, v0, Replit, and other AI coding tools. We exist because AI tools are remarkably good at building functional apps and remarkably bad at building secure ones.

Why we built this

In 2025, a researcher found over 5,000 AI-generated apps leaking user data because Supabase Row Level Security was disabled by default. Every one of those apps was built by a founder who thought they were shipping a finished product.

Existing security tools are built for enterprises: they require repo access, CLI installation, CI/CD setup, and security team expertise. A solo founder with a Lovable app has none of these. They need something they can run in 25 seconds with just their app's URL.

That's Vezraa. Paste your URL. Get your findings. Get the fix prompt.

What we scan

Vezraa checks 90+ audit categories across security, performance, compliance, payments, AI/LLM safety, and operational health. Every finding includes the actual request we made, the actual response we got, and a paste-ready fix prompt you can drop into Cursor or Claude.

  • Exposed API keys and secrets in JavaScript bundles
  • Supabase Row Level Security misconfiguration (live database testing)
  • Missing HTTP security headers (CSP, HSTS, X-Frame-Options)
  • Unauthenticated admin routes
  • Payment webhook signature verification (Razorpay, Stripe)
  • LLM endpoint rate limiting and cost guard gaps
  • OWASP LLM Top 10 compliance
  • GDPR and DPDP compliance gaps
  • Supply chain and dependency vulnerabilities
  • DNS security (SPF, DKIM, DMARC)

How we operate

Vezraa is a read-only scanner. We fetch your public pages, headers, HTML, and JavaScript bundles. We probe public route responses. We never write to your app, never store credentials, and never require any access tokens. If you can access it from a browser, so can we.

Scans run in 25–30 seconds. Results are delivered as a scored report with severity levels (Critical, High, Medium, Low, Info) and one-paste fix prompts for each finding.

Built for India, available worldwide

Vezraa is built by an Indian indie founder for a global audience. We accept INR payments via Razorpay and USD payments internationally. Our compliance checks cover GDPR (EU), DPDP (India), and standard web security frameworks (OWASP, CWE, CVSS).

Contact

For support, security disclosures, or partnership inquiries: udayakirantumma@gmail.com

For responsible disclosure of vulnerabilities in Vezraa itself, see our security.txt.
