EVS

Resolving a Critical SSO Security Issue

Tracked down a stubborn SSO vulnerability by rebuilding the auth flow from first principles.

Overview

EVS is a platform where users join anonymously to answer multi-format questions, with voice communication, chat, and real-time data features.

The challenge

A serious SSO login security issue had resisted multiple attempts to resolve. Patches treated symptoms while the underlying flow stayed misunderstood.

My approach

I sat with the full SSO sequence end-to-end, built a small isolated proof-of-concept to reproduce the handshake, and used the controlled reproduction to pin down the real defect rather than guessing.

Result

The root cause was identified and resolved, restoring secure login behavior and clearing a long-standing audit risk.

Contributions
  • First implementation of Twilio conference
  • SQS-based asynchronous processing
  • GraphQL event-sharing research and implementation
  • Module development and complex bug fixes
  • Security issue resolution from SOX / SOC2 audit findings

Why this matters

Shows research depth, persistence, security thinking, and ownership of work most engineers walk away from.