Independent security researcher
I find vulnerabilities
that scanners miss.
Deep manual assessment of web applications, cloud infrastructure, and smart contracts. I connect code, traffic, configuration, and product context into a unified risk model.
Authorized assessments
NDA
Responsible disclosure
00 / TRACK RECORD
A track record built through real engagements, not certificates on a wall.
01 / APPROACH
A scanner sees a signal.
A scanner sees a signal.
I see the system.
Automation is useful for baseline coverage. But critical risks often live between roles, states, and business processes — where human hypotheses matter.
Surface-level scan
My manual assessment
×
Matches responses against known signatures
01
I model objectives, roles, and potential attack chains
×
Checks endpoints in isolation
02
I examine relationships across APIs, UI, and internal states
×
Produces a long list without context
03
I prioritize findings by real business impact
×
Stops when the report is delivered
04
I support the team through triage, remediation, and retesting
02 / EXPERTISE
I go beyond
I go beyond
the checklist.
I can assess a specific release or perform a comprehensive review of the product and infrastructure. Scope is agreed before work begins.
Authentication and authorization, IDOR/BOLA, payment flows, race conditions, server-side vectors, and non-obvious vulnerability chains.
IAM, storage, Kubernetes, serverless, CI/CD, containers, network segmentation, and the external attack surface.
Source and compiled code analysis, dependencies, cryptography, race conditions, protocols, firmware, and IoT.
Solidity and EVM bytecode, access control, oracle dependencies, mobile runtime analysis, and network-layer protection.
Authorized external attack-surface analysis: assets, public code, JavaScript and APIs, cloud footprint, secret exposure, and technology relationships.
03 / RESEARCH SYSTEM
Data is not a report.
Data is not a report.
It is an attack map.
I do not collect signals for volume. Code, traffic, roles, states, configurations, and passive external intelligence become testable hypotheses.
What I analyze
- Source code and dependency graph
- API schemas, traffic, and JavaScript
- Roles, sessions, and business rules
- Cloud, IAM, containers, and CI/CD
- Logs, telemetry, and system states
- Passive public footprint
How I connect it
- Attack surface and trust mapping
- Role and tenant differential testing
- State-machine and transaction analysis
- Hypothesis-driven manual testing
- Cross-layer system correlation
- Attack-chain and impact modeling
What I uncover
- Auth bypass and broken access boundaries
- IDOR / BOLA / BFLA and tenant isolation
- Business-logic flaws and race conditions
- Server-side vulnerability chains
- Secrets, supply chain, and configuration drift
- Systemic risk in product context
TRACK 01
Web & API Security
I assess the full lifecycle of data, roles, and transactions — not endpoints in isolation.
TRACK 02
Cloud & Infrastructure
I find where excessive trust between services turns a local weakness into systemic risk.
TRACK 03
Code & Binary Analysis
I trace data and trust from source code to runtime behavior, protocols, and firmware.
TRACK 04
Smart Contracts & Mobile
I assess code and runtime where irreversible transactions and hostile client environments raise the cost of failure.
TRACK 05
Passive Security Intelligence
I use authorized passive sources only to view assets and relationships from an external perspective.
MANUAL FIRST
Model the system first. Test second.
Every finding must be reproducible, carry clear impact, and include a concrete remediation path.
04 / PROCESS
From scope
From scope
to risk closure.
A transparent process with no black box. Your team knows what is happening at every stage.
Define the boundaries
Scope, rules of engagement, access, timeline, NDA, and written authorization.
Map the system
Architecture, roles, assets, APIs, trust relationships, and attack surface.
Test hypotheses
Manual testing, edge cases, business logic, and exploitation chains.
Turn risk into action
Reproducible steps, severity, impact, and a concrete remediation strategy.
Verify the outcome
Team triage, remediation guidance, and retesting.
05 / DELIVERABLES
A report your team
A report your team
can act on.
Not a tool export, but a document for engineers and leadership: what happened, why it matters, and how to fix it.
Executive summary
A map of key risks and priorities for leadership.
Technical findings
Context, reproduction steps, evidence, and severity.
Remediation plan
Prioritized recommendations without generic advice.
Retest
Verification of fixes and documentation of residual risk.
AUTHORIZED WORK ONLY
Only with authorization.
Only with authorization.
Always with accountability.
Authorized penetration testing
Security code review
Bug bounty programs
Responsible disclosure
NDA / MSA / SLA
Documented methodology
06 / CONTACT
Have a system
Have a system
you cannot trust blindly?
Tell me about the product and the concern. I will help define a sensible scope, assessment format, and next step — without selling unnecessary work.
Available for new engagements
DIRECT EMAIL
info@samoilovsecurity.xyz ↗