500+ validated vulnerabilities. $72K+ from a single program. Ranked #1 in a leading private SaaS program. Entirely self-taught — I built this through manual testing, depth-first research, and obsessive focus on business logic that automated tools will never catch.
I turn messy product behavior into clear, reproducible security impact that engineering teams can fix.
Authorization, multi-tenant SaaS boundaries, account recovery, API object access, and abuse of trusted workflows.
Concise reports, exploit paths, business impact, practical remediation guidance, and retest-ready validation.
I identify roles, object ownership, tenant boundaries, state changes, and trust assumptions before touching payloads.
I chain normal product actions in abnormal orders to expose privilege, recovery, billing, and workflow failures.
Every report is written with reproduction steps, affected scope, severity reasoning, and exploit constraints.
I help teams close the root cause, retest patches, and avoid variant bugs across similar endpoints.
Weak token validation enabling full account compromise without user interaction — all account types in production.
Multi-tenant IDOR enabling unauthorized access to sensitive data across organizational boundaries in live SaaS.
Low-privilege users reaching admin-level permissions via an authorization flaw impacting core data governance.
Systemic API parameter manipulation exposing confidential records across accounts — multiple endpoints affected.
Algorithm confusion attack allowing forged tokens to authenticate as any user without credentials.
Unprotected object properties allowing users to self-elevate roles and unlock restricted platform features.
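The token findings above (weak token validation, algorithm confusion) share one root cause on the verifying side: the server lets the token's own header decide how the signature is checked. The following is an added example, not code from this page or from any program mentioned on it, showing the hardened verifier shape: the accepted algorithm is pinned server-side, "none" and every other algorithm are rejected before any signature work, and the HMAC comparison is constant-time. The key, the claims and the helper names are constructed for the demo; only the Python standard library is used.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key; a real service loads its key from a secrets store.
DEMO_HMAC_KEY = b"constructed-demo-key-do-not-use"

# The only algorithm this verifier will ever accept. Pinning it here, rather
# than reading it from the token, is the fix for algorithm confusion.
EXPECTED_ALG = "HS256"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # Re-add the padding that JWT base64url strips; invalid input raises ValueError.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issuer side: mint an HS256 token for the demo."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_pinned(token: str, key: bytes) -> Optional[dict]:
    """Verifier side: return the claims only if the token carries the pinned
    algorithm and a valid HMAC over header.payload; otherwise return None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
    except ValueError:  # covers bad base64 and bad JSON
        return None
    # Algorithm pinning: "none", RS256-as-HS256 and any other switch stop here,
    # before the signature is even looked at.
    if not isinstance(header, dict) or header.get("alg") != EXPECTED_ALG:
        return None
    expected_sig = hmac.new(
        key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
    ).digest()
    try:
        presented_sig = _b64url_decode(sig_b64)
    except ValueError:
        return None
    # Constant-time comparison so a byte-by-byte mismatch leaks no timing.
    if not hmac.compare_digest(expected_sig, presented_sig):
        return None
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:
        return None
    return claims if isinstance(claims, dict) else None


def rejects_unsigned_token() -> bool:
    """Regression check a team can keep in CI: an alg=none token with an
    empty signature must never verify, whatever claims it carries."""
    header = _b64url_encode(b'{"alg":"none","typ":"JWT"}')
    payload = _b64url_encode(b'{"sub":"constructed-admin"}')
    return verify_pinned(f"{header}.{payload}.", DEMO_HMAC_KEY) is None


if __name__ == "__main__":
    token = sign_hs256({"sub": "user-1", "role": "member"}, DEMO_HMAC_KEY)
    print("valid token ->", verify_pinned(token, DEMO_HMAC_KEY))
    print("alg=none rejected ->", rejects_unsigned_token())
```

The useful habit for retesting a fix of this class is to keep `rejects_unsigned_token` and a tampered-payload check in the test suite, so the variant bugs (a second verifier elsewhere in the codebase that still trusts the header) show up as failing tests rather than as a new report.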
Deep manual testing of web applications targeting authentication, authorization, and session logic. No automated scanner noise.
REST API audits covering BOLA, broken function-level auth, mass assignment, and token-based flaws across all endpoints.
Specialized testing of SaaS platforms for cross-tenant data leaks, tenant isolation failures, and authorization boundary issues.
Manual discovery of complex logic flaws — privilege chains, workflow bypasses — that DAST tools and automated scanners systematically miss.
Comprehensive review of RBAC/ABAC implementations, permission models, and data scoping to eliminate privilege escalation paths.
Collaborative remediation support, authorization design review, and Secure SDLC guidance for engineering teams building at scale.
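The API and SaaS audits above (BOLA, mass assignment, cross-tenant leaks, RBAC data scoping) come down to two server-side checks that are easy to state and easy to get wrong per endpoint. This added example, not code from this page or from any product it mentions, models them in plain Python with a constructed in-memory store: every object lookup is scoped by tenant and, for non-admins, by owner, returning the same error for a foreign ID as for a missing one; and updates accept only an explicit allowlist of caller-settable fields, rejecting the request outright if server-owned fields such as `tenant_id` or `owner_id` appear. Type and field names are assumptions for the demo.

```python
from dataclasses import dataclass
from typing import Dict


@dataclass
class Principal:
    user_id: str
    tenant_id: str
    role: str  # "member" or "admin" (constructed role model)


@dataclass
class Invoice:
    invoice_id: int
    tenant_id: str
    owner_id: str
    amount: int
    notes: str = ""


# Constructed sample data standing in for a multi-tenant database.
INVOICES: Dict[int, Invoice] = {
    101: Invoice(101, "tenant-a", "user-1", 500),
    102: Invoice(102, "tenant-a", "user-2", 900),
    201: Invoice(201, "tenant-b", "user-9", 120),
}

# The only fields a caller may set. Everything else (invoice_id, tenant_id,
# owner_id) is server-owned; an update that names one is a tampering signal,
# so it is rejected rather than silently dropped.
UPDATABLE_FIELDS = frozenset({"amount", "notes"})


class AccessDenied(Exception):
    """Raised for missing, cross-tenant and not-owned objects alike, so the
    response cannot be used to tell a foreign ID from a nonexistent one."""


def get_invoice(principal: Principal, invoice_id: int) -> Invoice:
    """Object-level authorization on every read: tenant boundary first,
    then ownership unless the principal is an admin of that tenant."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.tenant_id != principal.tenant_id:
        raise AccessDenied("not found")
    if principal.role != "admin" and inv.owner_id != principal.user_id:
        raise AccessDenied("not found")
    return inv


def update_invoice(principal: Principal, invoice_id: int, payload: dict) -> Invoice:
    """Authorize through the same scoped lookup, then apply only allowlisted
    fields; unknown or server-owned fields fail the whole request before any
    write happens."""
    inv = get_invoice(principal, invoice_id)
    unexpected = sorted(set(payload) - UPDATABLE_FIELDS)
    if unexpected:
        raise ValueError(f"fields not settable by caller: {unexpected}")
    for name, value in payload.items():
        setattr(inv, name, value)
    return inv


if __name__ == "__main__":
    member = Principal("user-1", "tenant-a", "member")
    print(get_invoice(member, 101))
    for foreign_id in (102, 201):
        try:
            get_invoice(member, foreign_id)
        except AccessDenied as exc:
            print(f"invoice {foreign_id}: {exc}")
    try:
        update_invoice(member, 101, {"amount": 1, "owner_id": "user-1", "tenant_id": "tenant-b"})
    except ValueError as exc:
        print("update rejected:", exc)
```

Centralising the scoped lookup in one function is what makes variant hunting cheap on the defence side: when every endpoint that touches an invoice goes through `get_invoice`, a retest only has to confirm that no handler reads `INVOICES` directly.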
The result came from going deeper into one complex SaaS platform instead of chasing volume. The strategy was simple: understand product roles, map object access, test tenant boundaries, then chain small authorization issues into high-impact reports.
SaaS, fintech, internal admin tooling, API-heavy platforms, multi-tenant products, identity systems, and any workflow where access control failure becomes business risk.
A depth-first story about staying on one complex SaaS target and repeatedly finding IDOR, PII leaks, broken access control, and privilege escalation bugs.
A critical password-reset flow failure where missing token validation allowed unintended password changes and sensitive account data exposure.
A business logic bypass where changing one server-trusted plan parameter unlocked premium and Enterprise trial features without approval.
Two same-root IDORs in workspace team actions leaked arbitrary user PII through audit logs after user ID tampering.
A personal story about learning from scratch, going manual-first, using PortSwigger and real writeups, and turning bug bounty into full-time work.
A focused share-function hunting strategy that chained multiple IDOR variants across similar features in one SaaS application.
Available for full-time Product Security Engineer roles, consulting engagements, and private bug bounty programs. I work best on complex SaaS products where depth matters more than breadth.