AbdulRazaqSuleiman
Application Security Engineer
I help teams ship secure software with confidence through threat modeling, secure design, secure code review, DevSecOps, and hands-on application security testing.
- Secure SDLC
- Threat Modeling
- Product Security
- API Security
- DevSecOps
- Offensive Security
Application Security
Engineer
As an Application Security Engineer, I embed security across the full software lifecycle, from Secure SDLC and Threat Modeling to Product Security, DevSecOps, and hands-on Offensive Security.
I bridge defensive engineering with rigorous attack simulation, including penetration testing, vulnerability research, and security architecture, to validate controls, accelerate secure delivery, and find what automated tools miss before adversaries do.
Secure SDLC
Security embedded across design, build, and release with threat modeling early in the process
Threat Modeling
Systematic risk identification using STRIDE, MITRE's CAPEC, ATT&CK, OWASP Libraries and LINDDUN for privacy-focused threat analysis
Product Security
Protecting applications, APIs, and user data at scale with secure architecture
API Security
Securing APIs from design to production deployment with OAuth2, JWT, and OWASP API Top 10
DevSecOps
Automated security gates in CI/CD pipelines with SAST, SCA, and DAST
Offensive Security
Penetration testing and attack simulation for web applications and APIs
SAST/SCA/DAST
Static, Software Composition Analysis, and Dynamic Application Security Testing
Secure Code Review
Manual and automated code audits for vulnerabilities in web applications and APIs
Vulnerability Research
Deep diving to discover and exploit complex security flaws before adversaries
Security Assessment Services
I help organizations secure web and API-driven applications through a combination of defensive engineering and offensive security testing. From threat modeling and secure SDLC to penetration testing and DevSecOps, I work with teams to identify and mitigate risks early, ensuring systems are secure by design.
Web Application Penetration Testing
Comprehensive offensive security testing of web applications. I conduct deep reconnaissance, manual vulnerability exploitation, and proof-of-concept development to identify critical security flaws including injection attacks, authentication bypasses, and authorization vulnerabilities.
API Security Testing
Specialized penetration testing of REST and GraphQL APIs. I identify authentication bypasses, authorization flaws, insecure direct object references, and data exposure vulnerabilities through manual testing and custom tooling.
Threat Modeling & Secure SDLC
Embed security into the software development lifecycle from day one. I conduct threat modeling using STRIDE, MITRE's CAPEC, ATT&CK, OWASP Libraries and LINDDUN frameworks to identify risks before code is written, and implement secure SDLC practices.
DevSecOps & Security Automation
Automate security gates in CI/CD pipelines with SAST, SCA, and DAST to catch vulnerabilities early. I help teams integrate security into their existing workflows without slowing them down.
Secure Code Reviews
Manual and automated code audits to identify vulnerabilities in web applications and APIs. I look for security flaws that automated scanners often miss, focusing on secure coding practices.
Product Security & Architecture
Design and build security into products from the ground up. I work with product teams to ensure applications, APIs, and user data are protected at scale through robust security architecture.
Professional Experience
Loading experiences...
Professional Credentials
Let's Discuss
Your Security Needs
I help teams strengthen their application security program, from Secure SDLC and Threat Modeling to Product Security, DevSecOps, and Offensive Security testing.