Android applications
Reverse engineering, exported components, deep links, WebViews, JavaScript bridges and hardcoded credentials.
- Mobile attack surface
- Client-to-backend trust
Independent application security
Android, web and API security research grounded in real infrastructure experience and a practical understanding of how businesses operate.
Where I go deep
From the application on a user's phone to the APIs, identity systems and cloud services behind it.
Reverse engineering, exported components, deep links, WebViews, JavaScript bridges and hardcoded credentials.
Authorization failures, account takeover chains, injection, SSRF and multi-step business logic vulnerabilities.
IAM mistakes, exposed infrastructure and product flows where technical assumptions collide with business reality.
The difference
Eight years working with production infrastructure taught me how systems are really assembled. More than nine years building businesses taught me how products, permissions and payment flows are supposed to work.
That combination exposes the gaps between architecture diagrams and reality—the exact places where high-impact vulnerabilities tend to live.
Read the full profile and research archive →Start a conversation
Available for Android and web application penetration testing, security consulting and focused research engagements.
hello@mdpsecure.com ↗