I provide developer-friendly web penetration testing focused on finding real security issues, demonstrating risk with proof-of-concept, and giving clear, prioritized remediation steps.
What I test
Unauthenticated and authenticated testing
Cross-Site Scripting (XSS) — stored, reflected, DOM-based
SQL Injection (SQLi) and other injection flaws
Cross-Site Request Forgery (CSRF)
Broken authentication & session management
Insecure Direct Object References (IDOR) / broken access control
Server-Side Request Forgery (SSRF) and file upload flaws
Insecure deserialization, insecure configuration, and sensitive data exposure
Basic cloud/web server misconfigurations (if access/hostnames are provided)