Skip to main content
Stackbastion

Rescue services

Fixed scope, fixed price, fixed turnaround. No open-ended hourly tab.

S

Secrets & Access Lockdown

3 business days

  • Rotate every exposed key; move privileged calls server-side
  • Lock down CORS to an explicit allow-list
  • Add rate limiting on auth and form endpoints
  • Stop debug/stack-trace leaks in error responses
  • Fix authorization (row-level security) gaps
  • Valid TLS + HSTS
  • Put admin routes behind real auth
  • Fix mislabeled client-exposed secrets
  • Publish SPF/DKIM/DMARC mail records

Not included: Backups, restore testing, monitoring, and hosting migration (see the Full Production Rescue).

Start with a free audit
M

Full Production Rescue + Migration

7–10 days

  • Everything in Secrets & Access Lockdown
  • Nightly backups with a timed, tested restore drill
  • Uptime monitoring with phone alerting
  • Move your app onto Stackbastion managed hosting
  • 1 month of your matching subscription tier included

Not included: Multi-app cleanup and GDPR documentation work (see Enterprise Shadow-App Cleanup).

Start with a free audit
L

Enterprise Shadow-App Cleanup

2–3 weeks

  • Full Production Rescue + Migration scope, per app
  • Inventory every shadow app in scope
  • GDPR records-of-processing documentation
  • Signed data processing agreement (DPA)
  • Migrate every in-scope app onto managed hosting

Not included: App-code bug fixes or new features (always out of scope, at any tier).

Start with a free audit

Example scenario

"ExampleCo" scored 12/30 on our free audit: a database key exposed in the frontend bundle, no working backup, and no uptime monitoring. A Full Production Rescue + Migration fixed the key exposure, stood up tested backups and monitoring, and moved the app onto managed hosting in under two weeks. (This is a labeled example, not a real customer, until we have one to share — see `ops/audit-report-template.md`.)

Full scope detail, mapped to each audit check: see docs/rescue/rescue-skus.md.