Boutique penetration testing, API & web application security, and source-code audits — delivered by a hunter with a live CVE record, and powered by hackz, the DAST scanner I build and battle-test myself.
No checkbox scan-and-forget. Every engagement is a manual, impact-first hunt across the full OWASP surface — with the noise stripped out and only exploitable, business-relevant findings reported.
Full WSTG coverage — auth/session, access control, injection, business logic, and client-side. Manual exploitation, not a scanner dump.
OWASP API Top 10: BOLA/BFLA, mass assignment, broken auth, excessive data exposure, GraphQL abuse, rate-limit & resource limits.
Read the code, find the sink. SQLi/SSTI/deserialization, authz gaps, secrets, and logic flaws — mapped to live, exploitable paths.
Misconfig, subdomain takeover, SSRF-to-metadata, IAM over-permissioning, and tenant-isolation breaks across AWS / Azure / GCP.
Prompt injection (direct & indirect), system-prompt extraction, insecure tool use, and excessive-agency abuse against AI features.
Recurring recon & monitoring — new subdomains, exposed services, leaked secrets — so your surface never drifts unwatched.
hackz is my own offline DAST engine — the same tool I use to find access-control and injection bugs at scale. Building a scanner means I understand exactly where automation stops and a human attacker begins. You get both: machine breadth and hand-crafted depth.
An air-gapped, corporate-grade vulnerability scanner covering web, network, and mainframe. Multi-user access-control engine, Nessus-style setup, fully offline — no data ever leaves your environment.
Define targets, access, and rules of engagement. Non-destructive, in-scope only, always.
Enumerate the full attack surface — subdomains, APIs, services — and build a coverage matrix.
Manual, impact-first testing across every WSTG class, with reproducible PoCs captured live.
Prioritized report with clear remediation, plus a free retest once you've shipped the fixes.
Tell me about your app, API, or environment. I'll scope a focused engagement and give you a straight answer on where the real risk is.
Book a security assessment →