About Me

Application Security Engineer

Embedding security across the SDLC, from Threat Modeling and Product Security to DevSecOps and Offensive Security testing.

My Journey

My journey in technology began with full stack web development, where I built robust applications using the JavaScript stack, including React, Node.js, Express, and modern frontend frameworks. This foundation gave me deep insight into how web applications are built, how they function, and where their vulnerabilities might lie.

I have a strong programming background and a genuine love for Go and Python. These languages have become essential tools in my security work, allowing me to develop custom security testing tools, automate vulnerability assessments, and create proof-of-concept exploits that demonstrate real-world security risks.

While I appreciate the art of building applications, my true passion lies in offensive security and securing web applications. The challenge of thinking like an attacker, identifying vulnerabilities before they're exploited, and systematically breaking down security defenses is what drives my work.

Today, I specialize in Application Security Engineering, conducting comprehensive security assessments through manual testing, custom tool development, and deep understanding of web applications, architectures and APIs. My development background gives me a unique perspective. I understand both how applications are built and how they can be broken.

I focus extensively on the OWASP Top 10 vulnerabilities, systematically testing for injection flaws, broken authentication, sensitive data exposure, and other critical security weaknesses that pose real threats to web applications. This methodical approach ensures comprehensive coverage of the most common and dangerous vulnerabilities affecting modern web applications.

🔒
Secure SDLC
🎯
Threat Modeling
🔌
API Security
⚙️
DevSecOps
🔍
Secure Code Review
🔴
Offensive Security
6
Years Web Development
4+
Years Security

What I Do

Embed security into software development lifecycle (Secure SDLC)
Conduct threat modeling using frameworks like STRIDE, CAPEC and OWASP Libraries
Perform penetration testing of web applications and APIs
Carry out manual secure code reviews for vulnerabilities
Implement DevSecOps practices with SAST/SCA/DAST tools
Design and assess product security architectures

Ready to Secure Your Web Applications?

I provide expert penetration testing for web applications, uncovering and helping remediate critical vulnerabilities. Reach out to discuss how I can help secure your systems.

Let's Talk