LeakLens Devpost Submission
Inspiration
The inspiration for LeakLens came from a recurring problem faced by developers and small teams: security is often an afterthought until something breaks. We noticed that while enterprise-level security scanners exist, they are frequently too expensive, overly complex to set up, or provide data that is difficult for non-security experts to interpret. We wanted to build a "Security Command Center" that was as developer-friendly as Vercel or Netlify—a tool that makes deep security intelligence accessible, automated, and actionable for everyone from indie hackers to growing agencies.
What it does
LeakLens is a real-time website security monitoring platform that continuously scans, scores, and protects web assets. Users can add their domains, verify ownership via DNS or meta tags, and receive automated deep security audits.
The platform evaluates:
- SSL/TLS Health: Real-time handshake checks and expiry tracking.
- Security Headers: Analysis of CSP, HSTS, X-Frame-Options, and more.
- Vulnerability Detection: Technology fingerprinting to match against known CVEs.
- Exposure Finder: Detecting exposed configuration files and sensitive endpoints.
- Composite Scoring: A weighted 0-100 security score that translates complex technical data into an easy-to-understand posture rating.
With scheduled scans, smart notifications, and shareable reports, LeakLens ensures that security regressions are caught before they can be exploited.
How we built it
LeakLens is built on a modern, high-performance stack designed for scale and security:
- Frontend: React 19 with TypeScript and Vite. We used shadcn/ui for a polished, accessible interface and Tailwind CSS for responsive styling. Data visualizations are powered by Recharts.
- Backend: Supabase provides our PostgreSQL database, Authentication, and Edge Functions.
- Scanning Engine: The core intelligence is built using Deno Edge Functions. We leveraged Deno's connectTls and network APIs to perform raw TLS handshakes and deep HTTP analysis directly from the edge, eliminating the need for heavy, dedicated scanning servers.
- Automation: We utilized Supabase pg_cron to orchestrate scheduled scans and handle background processing for our notification system.
Challenges we ran into
One of the biggest technical hurdles was performing Real-Time TLS Handshakes in a serverless environment. Deno's edge runtime provides raw network access, but extracting detailed certificate metadata (like issuer and validity) required robust parsing of the peer certificate object with complex fallback logic for various server configurations.
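The certificate-metadata problem described above, as an added example that is not LeakLens's own code: a normalizer that turns a raw peer-certificate object into the few fields a scanner reports (subject, issuer, SANs, expiry), with fallbacks for missing or differently named data. The field names follow what Node's tls.TLSSocket.getPeerCertificate() returns; the notBefore/notAfter alternatives, the 30-day "expiring soon" threshold and the sample certificates are assumptions made for illustration.

```typescript
// Added example (not LeakLens's code): summarize a peer certificate with fallbacks.
// Field names follow Node's getPeerCertificate(); `notBefore`/`notAfter` are
// assumed alternatives standing in for another runtime's representation.

interface RawPeerCert {
  subject?: Record<string, string>;
  issuer?: Record<string, string>;
  valid_from?: string;          // Node style: "Nov 20 23:59:59 2019 GMT"
  valid_to?: string;
  notBefore?: string | number;  // assumed alternative: ISO string or epoch ms
  notAfter?: string | number;
  subjectaltname?: string;      // Node style: "DNS:example.com, DNS:www.example.com"
}

interface CertSummary {
  subjectCN: string | null;
  issuer: string | null;
  sans: string[];
  notAfter: Date | null;
  daysRemaining: number | null;
  status: "ok" | "expiring-soon" | "expired" | "unknown";
}

// Accept epoch milliseconds, ISO 8601 or the legacy OpenSSL-style date string;
// return null rather than an Invalid Date when the value cannot be parsed.
function parseCertDate(value: string | number | undefined): Date | null {
  if (value === undefined || value === "") return null;
  const d = new Date(value);
  return Number.isNaN(d.getTime()) ? null : d;
}

// `now` is injectable so the expiry maths is reproducible in tests.
function summarizeCert(cert: RawPeerCert, now: Date = new Date()): CertSummary {
  // Keep only DNS names; SAN strings also carry "IP Address:" and other entries.
  const sans = (cert.subjectaltname ?? "")
    .split(",")
    .map((s) => s.trim())
    .filter((s) => s.startsWith("DNS:"))
    .map((s) => s.slice(4));

  // The issuer organisation is the friendliest label; fall back to its CN.
  const issuer = cert.issuer?.O ?? cert.issuer?.CN ?? null;
  // Modern certificates may omit the subject CN; fall back to the first SAN.
  const subjectCN = cert.subject?.CN ?? sans[0] ?? null;

  const notAfter = parseCertDate(cert.valid_to) ?? parseCertDate(cert.notAfter);
  const daysRemaining = notAfter
    ? Math.floor((notAfter.getTime() - now.getTime()) / 86_400_000)
    : null;

  let status: CertSummary["status"] = "unknown";
  if (daysRemaining !== null) {
    status = daysRemaining < 0 ? "expired" : daysRemaining < 30 ? "expiring-soon" : "ok";
  }
  return { subjectCN, issuer, sans, notAfter, daysRemaining, status };
}

// Constructed sample certificates (not real scan output).
const NODE_STYLE: RawPeerCert = {
  subject: { CN: "example.test" },
  issuer: { O: "Example CA", CN: "Example CA R1" },
  valid_from: "Jan 1 00:00:00 2030 GMT",
  valid_to: "Dec 31 23:59:59 2030 GMT",
  subjectaltname: "DNS:example.test, DNS:www.example.test",
};

const SPARSE: RawPeerCert = {
  issuer: { CN: "Sparse CA" },
  notAfter: "2024-01-01T00:00:00Z",
  subjectaltname: "DNS:sparse.test, IP Address:192.0.2.10",
};

const EMPTY: RawPeerCert = {};

const NOW = new Date("2030-12-15T00:00:00Z"); // fixed clock for reproducible output
console.log(summarizeCert(NODE_STYLE, NOW)); // expiring-soon, 16 days left
console.log(summarizeCert(SPARSE, NOW));     // expired, CN taken from the SAN list
console.log(summarizeCert(EMPTY, NOW));      // status "unknown", nothing invented
```

The point of the three samples is that a sparse or empty certificate object degrades to nulls and an "unknown" status instead of throwing, so the rest of the scan can still be reported.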
Another challenge was Scan Reliability. The internet is messy—domains often have infinite redirect loops, slow response times, or non-standard headers. We had to implement a sophisticated "graceful degradation" system using AbortSignal and custom timeout logic to ensure that even if a part of a scan fails, the user still receives all other available security data rather than a generic error message.
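The "graceful degradation" pattern described above, as an added example rather than LeakLens's own code: every scan stage runs under its own deadline driven by an AbortController, a stage that fails or times out is recorded as an error instead of aborting the whole scan, and the caller still receives every stage that succeeded. The stage names, the simulated stages and the timeout values are assumptions for illustration; nothing here touches the network.

```typescript
// Added example (not LeakLens's code): per-stage timeouts with partial results.

type StageName = "tls" | "headers" | "exposure";

interface StageOutcome {
  stage: StageName;
  data: unknown;      // null when the stage produced nothing
  error?: string;
}

interface ScanReport {
  results: Record<StageName, unknown>;
  errors: string[];
  partial: boolean;   // true when at least one stage failed or timed out
}

// Run `work` under a deadline. The AbortSignal is handed to the stage so a
// cooperative stage (e.g. fetch(url, { signal })) stops early; the race
// guarantees we return even if the stage ignores the signal.
async function withTimeout(
  stage: StageName,
  ms: number,
  work: (signal: AbortSignal) => Promise<unknown>,
): Promise<StageOutcome> {
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), ms);
  const deadline = new Promise<never>((_, reject) =>
    controller.signal.addEventListener(
      "abort",
      () => reject(new Error(`${stage}: timed out after ${ms}ms`)),
      { once: true },
    ),
  );
  try {
    return { stage, data: await Promise.race([work(controller.signal), deadline]) };
  } catch (err) {
    // Failure of one stage becomes data for the report, not an exception.
    return { stage, data: null, error: err instanceof Error ? err.message : String(err) };
  } finally {
    clearTimeout(timer);
  }
}

// Merge per-stage outcomes into one report. Pure, so it is easy to test.
function mergeOutcomes(outcomes: StageOutcome[]): ScanReport {
  const results: Record<StageName, unknown> = { tls: null, headers: null, exposure: null };
  const errors: string[] = [];
  for (const o of outcomes) {
    results[o.stage] = o.data;
    if (o.error) errors.push(o.error);
  }
  return { results, errors, partial: errors.length > 0 };
}

// Stages run concurrently; withTimeout never rejects, so Promise.all is safe.
async function runScan(
  stages: Array<{ name: StageName; timeoutMs: number; run: (signal: AbortSignal) => Promise<unknown> }>,
): Promise<ScanReport> {
  const outcomes = await Promise.all(stages.map((s) => withTimeout(s.name, s.timeoutMs, s.run)));
  return mergeOutcomes(outcomes);
}

// Cooperative sleep that stops as soon as the signal fires, so an aborted
// stage does not keep the process alive.
const delay = (ms: number, signal: AbortSignal) =>
  new Promise<void>((resolve, reject) => {
    const t = setTimeout(resolve, ms);
    signal.addEventListener("abort", () => { clearTimeout(t); reject(new Error("aborted")); }, { once: true });
  });

// Simulated stages (constructed, no network): headers answers quickly, the
// TLS stage hangs like a server that never finishes its handshake, and the
// exposure stage throws like a request that hit a redirect loop.
async function demoScan(): Promise<ScanReport> {
  return runScan([
    { name: "headers", timeoutMs: 200, run: async () => ({ hsts: true, csp: false }) },
    { name: "tls", timeoutMs: 20, run: async (signal) => { await delay(10_000, signal); return null; } },
    { name: "exposure", timeoutMs: 200, run: async () => { throw new Error("exposure: too many redirects"); } },
  ]);
}

demoScan().then((r) => console.log(JSON.stringify(r, null, 2)));
```

The report from demoScan carries the header results, null for the two failed stages and two error strings with partial set to true, which is exactly what a UI needs to show "here is what we could check" instead of a blank error page.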
Accomplishments that we're proud of
We are particularly proud of our Weighted Scoring Algorithm. It’s easy to list errors, but it’s hard to tell a user how "safe" they are. We successfully developed a system that weights critical issues (like expired SSL or missing HSTS) more heavily than minor ones (like a missing Permissions-Policy), providing a score that actually correlates with real-world risk. We are also proud of the Site Health Dashboard, which provides a real-time "heartbeat" of a website's security with zero latency.
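Putting the header checks listed under "What it does" together with the weighted scoring idea above, here is an added example (not LeakLens's own code or algorithm) of a composite 0-100 score. Each check carries a weight, checks that do not apply (an "expiring soon" check on an already-expired certificate, an HSTS max-age check when there is no HSTS header) are excluded from the denominator, and the score is the share of applicable weight that passed. The check list, weights, thresholds, remediation strings and sample inputs are assumptions chosen to illustrate the approach, not LeakLens's real values.

```typescript
// Added example (not LeakLens's code): security-header analysis plus a
// weighted 0-100 composite score. Weights and thresholds are assumptions.

type Severity = "critical" | "high" | "medium" | "low";

interface ScanInput {
  headers: Record<string, string>; // response headers, names lower-cased
  tlsExpired: boolean;
  tlsDaysRemaining: number;
}

interface Check {
  id: string;
  severity: Severity;
  weight: number;                       // points lost when the check fails
  applies?: (i: ScanInput) => boolean;  // omit checks that make no sense here
  fails: (i: ScanInput) => boolean;
  fix: string;                          // copy-paste remediation hint
}

interface Finding { id: string; severity: Severity; weight: number; fix: string }

interface Report { score: number; rating: "A" | "B" | "C" | "F"; findings: Finding[] }

// Parse the max-age directive of an HSTS header; -1 when absent.
const hstsMaxAge = (v: string | undefined): number =>
  Number(/max-age=(\d+)/i.exec(v ?? "")?.[1] ?? -1);

const CHECKS: Check[] = [
  { id: "tls_expired", severity: "critical", weight: 40,
    fails: (i) => i.tlsExpired,
    fix: "Renew the certificate and enable automatic renewal." },
  { id: "tls_expiring", severity: "high", weight: 10,
    applies: (i) => !i.tlsExpired, // an expired cert is already penalised above
    fails: (i) => i.tlsDaysRemaining < 14,
    fix: "Certificate expires in under 14 days; renew it now." },
  { id: "hsts_missing", severity: "critical", weight: 20,
    fails: (i) => !("strict-transport-security" in i.headers),
    fix: "Strict-Transport-Security: max-age=31536000; includeSubDomains" },
  { id: "hsts_weak", severity: "medium", weight: 5,
    applies: (i) => "strict-transport-security" in i.headers,
    fails: (i) => hstsMaxAge(i.headers["strict-transport-security"]) < 15552000, // 180 days
    fix: "Raise HSTS max-age to at least 15552000 (180 days)." },
  { id: "csp_missing", severity: "high", weight: 15,
    fails: (i) => !("content-security-policy" in i.headers),
    fix: "Add a Content-Security-Policy, starting from default-src 'self'." },
  { id: "clickjacking", severity: "medium", weight: 8,
    // Either header protects against framing; CSP frame-ancestors wins if present.
    fails: (i) => !("x-frame-options" in i.headers) &&
      !/frame-ancestors/i.test(i.headers["content-security-policy"] ?? ""),
    fix: "X-Frame-Options: DENY or CSP frame-ancestors 'none'" },
  { id: "nosniff_missing", severity: "low", weight: 4,
    fails: (i) => (i.headers["x-content-type-options"] ?? "").toLowerCase() !== "nosniff",
    fix: "X-Content-Type-Options: nosniff" },
  { id: "referrer_policy_missing", severity: "low", weight: 3,
    fails: (i) => !("referrer-policy" in i.headers),
    fix: "Referrer-Policy: strict-origin-when-cross-origin" },
  { id: "permissions_policy_missing", severity: "low", weight: 2,
    fails: (i) => !("permissions-policy" in i.headers),
    fix: "Permissions-Policy: camera=(), microphone=(), geolocation=()" },
];

function analyze(input: ScanInput): Report {
  const applicable = CHECKS.filter((c) => c.applies?.(input) ?? true);
  const total = applicable.reduce((s, c) => s + c.weight, 0);
  const findings: Finding[] = applicable
    .filter((c) => c.fails(input))
    .map(({ id, severity, weight, fix }) => ({ id, severity, weight, fix }))
    .sort((a, b) => b.weight - a.weight); // worst problem first
  const lost = findings.reduce((s, f) => s + f.weight, 0);
  const score = Math.round((100 * (total - lost)) / total);
  const rating: Report["rating"] = score >= 90 ? "A" : score >= 75 ? "B" : score >= 50 ? "C" : "F";
  return { score, rating, findings };
}

// Constructed sample inputs (not real scan data).
const WELL_CONFIGURED: ScanInput = {
  headers: {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "content-security-policy": "default-src 'self'; frame-ancestors 'none'",
    "x-content-type-options": "nosniff",
  },
  tlsExpired: false,
  tlsDaysRemaining: 60,
};

const NEGLECTED: ScanInput = { headers: {}, tlsExpired: true, tlsDaysRemaining: -3 };

console.log(analyze(WELL_CONFIGURED)); // score 95, rating "A", two low findings
console.log(analyze(NEGLECTED));       // score 0, rating "F", seven findings
```

Note that the well-configured site loses only 5 of 107 applicable points for two low-severity omissions, while the neglected site scores 0 because every applicable check failed; an expired certificate alone would cost 40 points, which is what makes the score track risk rather than just count headers.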
What we learned
This project was a deep dive into the power of Edge Computing. We learned that Deno Edge Functions are incredibly capable for network-level security tasks that traditionally required full VMs. We also gained a deep appreciation for Row-Level Security (RLS) in Supabase; designing a multi-tenant SaaS where users can only see their own scan data required a "security-first" mindset from the very first line of database schema. Finally, we learned that UX in Security matters—minimizing clutter and providing "copy-paste" remediation steps makes users much more likely to actually fix their vulnerabilities.
What's next for LeakLens
The roadmap for LeakLens is focused on automation and intelligence:
- AI-Powered Remediation: Integrating LLMs to generate custom, context-aware fix scripts for the specific server stack detected (e.g., providing the exact Nginx or Apache config needed).
- CI/CD Integration: Launching a GitHub Action so that a security scan is automatically triggered every time a developer pushes code.
- Expanded Alerts: Adding Slack, Discord, and Webhook integrations for instant critical vulnerability alerts.
- Global Monitoring: Expanding our health checks to multiple regions to detect latency and security issues that only affect specific geographic locations.
Built With
- medo.dev
- postgresql
- react
- supabase
- typescript
- vite