Security researcher, bug hunter, software engineer.
Publications:
- Finding vulnerabilities in modern web apps using Claude Code and OpenAI Codex
- A Technical Deep Dive into Semgrep’s JavaScript Vulnerability Detection
- Exploiting dynamic rendering engines to take control of web apps
- Hardcoded secrets, unverified tokens, and other common JWT mistakes
Presentations:
- Most common vulnerabilities in GitHub Actions
  - BSides Seattle (April 2025)
  - OWASP SnowFROC (March 2025)
  - BSides Singapore (September 2024)
- Saving a SAST Program in Distress
- Scale Security with Secure Defaults & Eliminating Bug Classes