Operational Dashboard

Real-time QA, security and compliance posture.

correlation: SEC-991-ABX · last scan: 2026-05-07
Security Score
92
OWASP API · BOLA · IDOR
Compliance Score
88
LGPD · SOC2 · ISO 27001
API Health
HEALTHY
across monitored endpoints
Threat Level
HIGH
composite risk classification
Incidents
4
open · last 24h
SLA
99.94%
rolling 7-day availability
Avg Response
218ms
p95 across endpoints
Last Validation
2026-05-07
Newman · Postman pipeline

Incident Timeline

last 7 days

Compliance Evolution

6 months

API Performance

p50 / p95 (ms)

SLA Analytics

weekly availability

Validation History

14 days

Incident Center

4 open
CRITICAL · /payment/process

Broken Authorization

Endpoint accepted forged JWT with admin scope (BOLA/IDOR class).

Recommendation
Apply RBAC validation middleware
SEC-991-ABX · 2026-05-07 14:22 UTC
HIGH · /users/{id}

Sensitive Data Exposure

Response leaked CPF and phone for cross-tenant user IDs.

Recommendation
Mask PII fields in response projection
SEC-984-LMN · 2026-05-07 11:08 UTC
MEDIUM · /auth/login

Missing Security Headers

HSTS, X-Frame-Options and CSP missing on login route.

Recommendation
Add Strict-Transport-Security and X-Content-Type-Options
SEC-977-QRP · 2026-05-06 19:45 UTC
LOW · /healthz

SLA Drift

p95 latency drifted 8% above baseline for 12 minutes.

Recommendation
Investigate upstream cache warm-up window
SEC-971-TWX · 2026-05-06 08:12 UTC