Available for selected security engagements

Independent application security

I find the vulnerabilities surface-level testing leaves behind.

Android, web and API security research grounded in real infrastructure experience and a practical understanding of how businesses operate.

203reports submitted
70critical findings
64high severity
8 yrscloud infrastructure

Where I go deep

Security testing that follows the full attack path.

From the application on a user's phone to the APIs, identity systems and cloud services behind it.

01

Android applications

Reverse engineering, exported components, deep links, WebViews, JavaScript bridges and hardcoded credentials.

  • Mobile attack surface
  • Client-to-backend trust
02

Web and APIs

Authorization failures, account takeover chains, injection, SSRF and multi-step business logic vulnerabilities.

  • Manual API testing
  • Complex exploit chains
03

Cloud and logic

IAM mistakes, exposed infrastructure and product flows where technical assumptions collide with business reality.

  • Infrastructure context
  • Real-world impact

The difference

Technical depth, with business context.

Eight years working with production infrastructure taught me how systems are really assembled. More than nine years building businesses taught me how products, permissions and payment flows are supposed to work.

That combination exposes the gaps between architecture diagrams and reality—the exact places where high-impact vulnerabilities tend to live.

Read the full profile and research archive

Start a conversation

Have an application that needs a deeper look?

Available for Android and web application penetration testing, security consulting and focused research engagements.

hello@mdpsecure.com