Introducing authenticated role testing

Test your RLS before hackers do

Automatically generate and run attack vectors against your database's Row Level Security policies to find vulnerabilities before they're exploited.

Secure your data today

Our platform automatically generates attack vectors to test your database's Row Level Security policies, helping you identify and fix vulnerabilities before they can be exploited.

1. Input Your Policies

Provide your database schema, RLS policies, and additional context about your application's security requirements.

2. Generate Attack Vectors

We automatically create test queries that simulate how malicious users might try to bypass your security rules. You can run these queries directly against your database.

3. Get Actionable Results

Review failed tests and generate new RLS policies to secure your database.

RLS Policy Improvement

Vulnerable Policy

-- Original RLS policy
CREATE POLICY "Users can only access their own data"
ON "public"."profiles"
FOR ALL
USING (auth.uid() = user_id)
WITH CHECK (auth.uid() = user_id);

-- Vulnerability
-- This policy doesn't account for role-based access
-- and can be bypassed by users with admin roles

Clamp-Improved Policy

-- Clamp-recommended fix
CREATE POLICY "Users can only access their own data"
ON "public"."profiles"
FOR ALL
USING (auth.uid() = user_id AND NOT EXISTS (
  SELECT 1 FROM user_roles 
  WHERE user_id = profiles.user_id AND role = 'admin'
))
WITH CHECK (auth.uid() = user_id);

-- Security improvement
-- This policy prevents the role-based bypass
-- by explicitly checking for admin roles

Detected Attack Vector

-- Clamp-generated test query that would bypass the original policy
SELECT * FROM profiles 
WHERE user_id IN (
  SELECT user_id FROM user_roles 
  WHERE role = 'admin'
);

Complete security testing

Our platform offers comprehensive testing for both anonymous and authenticated user scenarios, helping you identify vulnerabilities that traditional testing might miss.

Anonymous Role Testing

Test how your database responds to unauthenticated users. Identify if public data is properly protected and if sensitive information is accessible.

Public data accessible
Private user data protected

Authenticated Role Testing

Simulate authenticated users attempting to access data they shouldn't have permission to view, modify, or delete. Test multi-tenant data isolation.

User A cannot access User B's data
Potential vulnerability in join tables
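
The "User A cannot access User B's data" check can be written as a plain SQL test. This is an added example, not output from the platform described here; it assumes a scratch PostgreSQL database and uses stand-ins for the `authenticated` role and `auth.uid()`, with constructed UUIDs and rows.

```sql
-- Added example: run as a superuser on a scratch PostgreSQL database.
BEGIN;

-- Stand-ins (assumptions) for the role and auth.uid() the page's policies rely on.
CREATE ROLE authenticated NOLOGIN;
CREATE SCHEMA auth;
CREATE FUNCTION auth.uid() RETURNS uuid LANGUAGE sql STABLE AS $$
  SELECT (nullif(current_setting('request.jwt.claims', true), '')::json ->> 'sub')::uuid
$$;
GRANT USAGE ON SCHEMA auth TO authenticated;

CREATE TABLE profiles (user_id uuid PRIMARY KEY, display_name text);
ALTER TABLE profiles ENABLE ROW LEVEL SECURITY;
GRANT SELECT, UPDATE, DELETE ON profiles TO authenticated;

-- The page's original policy, unchanged.
CREATE POLICY "Users can only access their own data"
ON profiles FOR ALL
USING (auth.uid() = user_id)
WITH CHECK (auth.uid() = user_id);

-- Constructed sample rows, inserted by the table owner (bypasses RLS).
INSERT INTO profiles VALUES
  ('00000000-0000-0000-0000-00000000000a', 'user A'),
  ('00000000-0000-0000-0000-00000000000b', 'user B');

-- Become user A: switch role and set the claim auth.uid() reads.
SET LOCAL ROLE authenticated;
SELECT set_config('request.jwt.claims',
                  '{"sub":"00000000-0000-0000-0000-00000000000a"}', true);

DO $$
DECLARE n int;
BEGIN
  SELECT count(*) INTO n FROM profiles;            -- everything user A can see
  IF n <> 1 THEN RAISE EXCEPTION 'expected 1 visible row, got %', n; END IF;
  SELECT count(*) INTO n FROM profiles WHERE user_id <> auth.uid();
  IF n <> 0 THEN RAISE EXCEPTION 'read isolation broken: % foreign rows', n; END IF;
  UPDATE profiles SET display_name = 'changed by A'
  WHERE user_id = '00000000-0000-0000-0000-00000000000b';
  GET DIAGNOSTICS n = ROW_COUNT;
  IF n <> 0 THEN RAISE EXCEPTION 'write isolation broken: % rows updated', n; END IF;

  DELETE FROM profiles WHERE user_id <> auth.uid();
  GET DIAGNOSTICS n = ROW_COUNT;
  IF n <> 0 THEN RAISE EXCEPTION 'delete isolation broken: % rows deleted', n; END IF;
END $$;

ROLLBACK;  -- discard the role, schema, table and rows
```

The script finishes silently when isolation holds and aborts with the failing check's message otherwise.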

Fix vulnerabilities with AI assistance

Our platform not only identifies security issues but also suggests improved RLS policies to fix the vulnerabilities, complete with explanations of why they work.

Vulnerability Report
3 issues found
Critical: Data Leakage in User Profiles
Current Policy
CREATE POLICY "Users can view profiles" ON profiles FOR SELECT USING (true);
This policy allows anyone to view all user profiles, including private information.
Recommended Fix
CREATE POLICY "Users can view profiles" ON profiles FOR SELECT USING (auth.uid() = user_id OR is_public = true);
This policy ensures users can only view their own profiles or profiles marked as public.

Secure your database today

Don't wait for a breach to discover your RLS vulnerabilities.
Start testing your policies now, free for anonymous role testing.