Security audits

Code reviews, pentests and system audits are my daily

After the audit, you get a report summarizing the checks performed, the issues found and some recommendations. Because of my developer background, I am able to understand how to fix them and potentially help with this task.

Courses

Hacking & Web application security: a 3-day course for tech people who want to learn the basic vulnerabilities of modern webapps: input validation, XSS, SQLi, SSRF, passwords, cookies, tools and true stories…

Bug Bounty overview: a presentation for companies who want to know more about bug bounty in order to make the right decision: actors, programs, reports, rewards, rules, evolution, case studies…

PHP for beginners: understand the basics of PHP: object-oriented programming, storage, data exfiltration, database and more…

Bug bounty

With more than 8 years of experience, I have had the opportunity to study several aspects of this industry:

  • As a bug hunter, I am pretty familiar with the expectations of hackers: what they look for, what their problems are, what makes them more involved…

  • As a consultant, I help companies manage their program: how to choose a scope, how to create a reward policy, what SLAs are, how to handle the reports, how to deal with hackers…

  • As this list shows, I spent time studying the main platforms available on the current market. Depending on some criteria (size, country, law…), some of them may be a better fit for your business.

In a nutshell, my goal is to help all actors in the bug bounty industry be successful and develop the programs over the long term.