Cybersecurity Red Team, Web/API/Mobile Pentesting & AI Security Testing

I am a cybersecurity professional specializing in authorized red team testing, web application security, API security, mobile app security, and AI-assisted penetration testing.

I help businesses identify security weaknesses before attackers can exploit them. My work focuses on practical, real-world security testing across login systems, dashboards, admin panels, APIs, mobile applications, authentication flows, session handling, JWT tokens, access control, and exposed external assets.

My testing can cover vulnerabilities such as broken access control, IDOR, authentication bypass, insecure JWT handling, weak session management, exposed admin panels, insecure file uploads, SSRF, injection flaws, sensitive data exposure, hardcoded secrets, insecure mobile storage, API abuse, and business logic issues.

I also have experience building and using AI-assisted security workflows to support reconnaissance, testing, evidence collection, reporting, and remediation tracking. This allows me to work efficiently while still keeping human review, authorization, and safety controls at the center of the process.

My goal is not just to find vulnerabilities, but to explain them clearly. I provide reports that include risk ratings, business impact, proof-of-concept evidence, screenshots where required, reproduction steps, and developer-friendly remediation guidance.

I only perform security testing with written authorization and within the agreed scope. I do not perform illegal hacking, credential theft, destructive testing, or testing against systems the client does not own or control.

Services I can provide include web application penetration testing, API security testing, Android mobile app security testing, JWT and session security review, external attack surface review, vulnerability retesting, AI red teaming, and security report writing.

Work Terms

I work on authorized security testing projects with a clearly agreed scope before any testing begins.

Before starting, I prefer to confirm the target systems, testing dates, allowed techniques, out-of-scope areas, test accounts if needed, emergency contact details, and reporting expectations. Written authorization is required before any penetration testing, red team testing, API testing, mobile testing, or external security review.

Preferred communication is through Guru messages, email, or scheduled calls when needed. I provide regular updates during the project, especially when high-risk findings are discovered.

Payment can be hourly or fixed-price depending on the project. For fixed-price work, I prefer milestone-based payments through Guru SafePay. For larger projects, the scope can be split into phases such as reconnaissance, testing, reporting, and retesting.

Typical deliverables may include a professional security report, vulnerability details, risk ratings, reproduction steps, screenshots, proof-of-concept evidence, business impact, remediation guidance, and retest results after fixes are applied.

I am available for short-term security reviews, focused vulnerability testing, and longer penetration testing projects. My working hours are flexible, and I can coordinate across different time zones when required.