- Contacts
- t.me/genkapentest
About Me

Professional specialist in application and infrastructure security assessment. I work in accordance with international security standards, performing the full cycle of testing, vulnerability identification, and preparation of detailed reports with remediation guidelines. I have experience with web applications, mobile applications, APIs, network infrastructure, and cloud platforms.
Services

Web Application Penetration Testing

— business logic assessment
— authentication and authorization testing
— OWASP Top 10 vulnerability analysis
— API, GraphQL, and WebSocket testing
— file upload and validation mechanism testing
— server configuration and middleware assessment
— final report with evidence and recommendations
Mobile Application Penetration Testing (Android, iOS)

— static analysis of APK and IPA
— dynamic testing in a sandbox environment
— analysis of data storage and file system interactions
— backend API communication testing
— verification of encryption mechanisms and SDK security
— compliance with OWASP MASVS/MSTG
API Security Assessment

— testing REST, SOAP, and GraphQL APIs
— assessment of authorization implementations (OAuth 2.0, JWT)
— evaluation of brute force protection and rate limiting
— identification of logical flaws and incorrect interaction scenarios
— analysis of microservice communications
Network Infrastructure Testing
— external and internal penetration testing
— perimeter security assessment
— evaluation of VPN, WAF, IDS, and IPS
— configuration audit of network devices
— protocol analysis and attack surface identification
Security Architecture Review
— assessment of application and infrastructure architecture
— early identification of potential weaknesses
— analysis of secure authentication schemes
— audit of DevOps and CI/CD practices
Source Code Review
— security-focused code audit for major programming languages
— analysis of critical components: authentication, encryption, file handling, session management
— remediation recommendations
Reverse Engineering
— binary analysis
— evaluation of logic integrity and application protection
— review of packing, obfuscation, and anti-reversing techniques
Red Teaming and Social Engineering (with official authorization)
— simulation of real-world attack scenarios
— assessment of phishing resilience and social engineering exposure
— evaluation of human factor risks
— strict adherence to legal requirements
Cloud Security Assessment
— audit of AWS, GCP, and Azure
— analysis of IAM configurations, network policies, roles, and permissions
— evaluation of secrets management, logging, container configurations, and orchestration setups
Post-Audit Support
— developer consulting
— verification of fixes
— architecture improvement
— regular security reassessment
Deliverables for the Client
— complete technical report
— executive summary for management
— vulnerability evidence
— risk prioritization
— remediation guidelines
— revalidation after fixes if required