Roast My Stack

Built for sharing: one link, one roast, concrete weaknesses and next steps. Not a pentest — verify everything in your environment.

AI-generated orientation, not a penetration test. Threat model and verify everything in your own environment.

Weekly Security Report

Critical CVEs, fix guides, and hardening tips — free, every week.

I agree to receive the weekly security newsletter. Unsubscribe anytime. Privacy

DSGVO-konform·No spam, no tracking·Unsubscribe anytime

Example stacks to try

Nginx + Let's Encrypt + Ubuntu 22.04

Nginx 1.24, Ubuntu 22.04, Let's Encrypt, no WAF, no Fail2ban

Kubernetes on Hetzner with ArgoCD

K8s 1.29, ArgoCD, Hetzner Cloud, no Network Policy, no Pod Security

Node.js API + PostgreSQL + Redis

Node 20, Express, PostgreSQL 15, Redis, no rate limiting, JWT without rotation

Is this a real security audit?

No. The roast is an AI-assisted, humorous analysis of public risk indicators. For binding conclusions you need a real pentest.

What do I enter?

Your tech stack: software used, versions, cloud provider, network configuration. The more detail, the more precise the findings.

Is my stack stored?

No. Inputs are not stored permanently. The roast runs stateless on EU servers.

What do I do after the roast?

Prioritise the findings, open the matching runbooks and work through them step by step. The roast link is shareable — great for team reviews.