I find vulnerabilities in web applications before the bad actors do. With over 10 years of experience in bug bounty hunting and private engagements, I specialize in identifying complex issues across modern applications, including access control flaws, XSS, authentication bypass, business logic weaknesses, SQL injection, and API security risks.

My findings have been responsibly disclosed to more than 1,000 organisations worldwide, and I was ranked among the Top 100 all-time researchers on HackerOne from 2016 to 2025. Every assessment is driven by realistic attack scenarios, deep manual testing, and a strong focus on application logic.