Protecting applications, platforms, and digital assets from real-world threats

I help startups, SaaS companies, and growing businesses identify security risks before attackers do — through practical, manual security testing and clear remediation guidance.

SECURED ASSETS FOR

[ VERDA ]
[ OOREDOO ]
[ TRIPICA ]
[ GRAWE ]
[ EDF ]
[ LECLERC ]
[ DEVOLUTIONS ]

Security Services

Web Application Security

Going beyond OWASP Top 10 to find logic flaws that scanners miss.

  • Business Logic & Workflow Analysis
  • Auth Bypass & Access Control (IDOR)
  • Advanced Injection Attacks (SQLi, SSTI)
  • Zero False Positives Guaranteed

API Security Testing

Comprehensive security assessment for REST, GraphQL, and SOAP APIs.

  • Broken Object Level Authorization (BOLA)
  • Mass Assignment & Data Exposure
  • Rate Limiting & Throttling Bypasses
  • JWT & Token Security Analysis

Cloud Security Review

Identifying misconfigurations in AWS, Azure, and GCP environments.

  • IAM Privilege Escalation vectors
  • S3/Storage Public Exposure checks
  • Security Group & Network Audits
  • Kubernetes & Container Security

Mobile App Security

Full-coverage security testing for Android and iOS applications.

  • Static (SAST) & Dynamic (DAST) Analysis
  • Root Detection & Tampering Bypass
  • Insecure Data Storage & Leakage
  • Backend API Traffic Interception

How I Work

Scoping & Understanding

Understand the application, business logic, and risk tolerance.

Manual Security Testing

Hands-on testing focused on real exploitation — not automated scans.

Validation & Risk Analysis

Only real, reproducible issues are reported.

Clear Reporting

Technical details for developers and risk summaries for decision-makers.

Remediation Guidance

Practical steps to fix issues and prevent recurrence.

About & Experience

Who I Am

I'm a cybersecurity consultant specializing in manual penetration testing and vulnerability assessment. With certifications including OSCP, CISSP, CEH, and AWS Security Specialty, I bring a comprehensive understanding of security across web applications, APIs, mobile apps, and cloud infrastructure.

5+ Years Experience
50+ Projects Secured
100+ Critical Findings

My Approach

Unlike automated scanners that generate noise and false positives, I focus on manual, context-aware testing. Every vulnerability I report is manually validated, includes proof-of-concept, and comes with clear remediation guidance. I don't just find vulnerabilities—I help you understand their real-world impact and how to fix them.

What Sets Me Apart

  • Manual-First Testing: I dig deep into business logic, authentication flows, and complex attack chains that automated tools miss completely.
  • Clear Communication: Reports designed for both technical teams and executives, with actionable recommendations and business impact analysis.
  • Remediation Support: I don't disappear after delivering the report. I help your team understand fixes and verify remediation.

Industry Credentials

  • OSCP: OffSec Certified Professional
  • CISSP: ISC2 Certified
  • CEH: Certified Ethical Hacker
  • AWS Security: Specialty Certified

120+ manually validated security checks

No scanners. No false positives. Just real risk.
