Summary
Refresh the NestJS case study so it follows the stronger measured-remediation structure used in the updated Juice Shop study.
Why
The current NestJS write-up has useful evidence, but it needs a clearer publication-grade structure built around measured remediation results.
The updated version should:
- include a strong top-line before/after table near the top
- document the exact NestJS revision used
- show the baseline scan and each remediation pass with real numbers
- explain what dropped out after the first pass and what remained for the second pass
- preserve honest remaining-risk discussion instead of forcing a zero-CVE framing
- make the narrative more useful for developers, OWASP reviewers, and outreach
Scope
Update docs/case-studies/nestjs.md to:
- rerun the case study against the reset local NestJS checkout
- capture a fresh baseline and measured follow-up scan results
- restructure the write-up to mirror the strongest parts of the Juice Shop study
- keep the claims factual, reproducible, and tied to the documented revision
Notes
This should remain a practical remediation narrative, not marketing copy.