APPLICATION / API / INFRASTRUCTURE

Follow the attack path.
Fix the real risk.

High-impact vulnerabilities hide in the connections between mobile apps, APIs, identity and cloud infrastructure. That is exactly where I look.

01ANDROID
CLIENT
02API
GATEWAY
03IDENTITY
LAYER
04BUSINESS
LOGIC
05CLOUD
SERVICES
ATTACK PATH IDENTIFIED
FIELD RESULTS

Independent vulnerability research across public and private programs.

203reports
submitted
70critical
severity
64high
severity
ATTACK SURFACE / 001

The product is more than the interface.

A modern application is a network of trust decisions. Effective testing means moving through the whole system like a determined attacker would.

01MOBILE EDGE

Start inside the application

Android reverse engineering reveals hidden functionality, unsafe deep links, exported components, WebView bridges and embedded credentials.

APKDEEPLINKWEBVIEW
02TRUST CORE

Cross every API boundary

Authorization, identity and business workflows are tested for assumptions that enable account takeover, data exposure and privilege escalation.

AUTHZIDORLOGIC
03IMPACT ZONE

Trace impact into the cloud

Infrastructure experience turns small clues into validated impact across internal services, IAM, metadata, storage and deployment systems.

IAMSSRFCLOUD
TECHPRODUCTIMPACTMDP
CONTEXT CHANGES THE FINDING

Built from both sides of the system.

Eight years in cloud infrastructure provides the architectural depth. More than nine years running businesses provides the product and commercial context.

Together, they make it easier to recognize when a technical weakness becomes a real operational, financial or customer risk.

Explore the complete research archive
40.7128° N / AVAILABLE WORLDWIDE

Map the risk before someone else does.

Focused penetration testing and research for Android applications, web platforms and the APIs connecting everything together.

[email protected]