Execute systematic fuzzing attacks on REST, SOAP, and GraphQL APIs to discover vulnerabilities including IDOR, authentication bypass, and injection flaws.
Implement authentication, authorization, input validation, rate limiting, and OWASP API Top 10 protections for REST, GraphQL, and WebSocket APIs.
Execute systematic AWS penetration tests covering IAM enumeration, privilege escalation, metadata exploitation, and persistence techniques for red team assessments.
Authenticate Java applications with Azure services using Microsoft Entra ID with DefaultAzureCredential and managed identities.
Authenticate Rust applications to Azure using DeveloperToolsCredential, ManagedIdentityCredential, or ClientSecretCredential with Microsoft Entra ID.
Create, manage, and perform cryptographic operations on keys stored in Azure Key Vault using Rust SDK with complete code examples.
Authenticate and manage secrets in Azure Key Vault using Rust SDK with get, set, delete, and version control operations.
Decode compiled binaries using x86-64, ARM64, and ARM32 assembly patterns with calling conventions, control flow, and function structure recognition.
Test web applications for authentication vulnerabilities using systematic methodology across password policies, session handling, brute force, and credential stuffing attacks.
Extract and search HTTP traffic, headers, and audit findings from Burp Suite project files using regex patterns and targeted filters.
Review code for vulnerabilities across secrets, input validation, SQL injection, and authentication using domain-specific checklists and safe code patterns.
Analyze repository structure and generate safe Claude Code settings.json permissions for read-only bash commands.
Conduct risk-first security code reviews on PRs with evidence-based findings, blast radius analysis, and adversarial modeling.
Systematically investigate Django authorization implementations to find IDOR and access control vulnerabilities through code tracing and ownership model analysis.
Audit food facilities against FSMA, HACCP, and PCQI compliance standards; identify gaps in preventive controls and corrective actions.
Audit medical device software against 21 CFR Part 820, IEC 62304, and ISO 13485 with severity-ranked findings and corrective actions.
Execute advanced web fuzzing for penetration testing using FFUF with multi-wordlist modes, authenticated requests, and intelligent filtering.
Identify and exploit file path traversal vulnerabilities to read arbitrary server files including credentials and source code.
Review code branches for security vulnerabilities, bugs, and quality issues using systematic attack surface mapping.
Audit GitHub Actions workflows for exploitable vulnerabilities using real attack patterns, requiring concrete exploitation scenarios for every finding.
Identify and exploit HTML injection vulnerabilities in web applications using structured testing phases, payload examples, and remediation guidance.
Systematically identify and exploit Insecure Direct Object Reference vulnerabilities using parameter manipulation, enumeration, and Burp Suite techniques.
Analyze Laravel code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards.
Review Bitcoin Lightning Network protocol designs, compare channel factory approaches, and analyze Layer 2 scaling tradeoffs with expert-level depth.
Write correct Odoo security rules: ir.model.access.csv entries, ir.rule record restrictions, and multi-company access patterns.
Execute comprehensive penetration tests using structured phases for scoping, preparation, execution, and remediation with specific task workflows.
Provide quick lookup for nmap, Metasploit, and exploitation commands during authorized security assessments.
Build privacy protections into app architecture from day one using GDPR, CCPA, and LGPD principles: data minimization, consent, encryption, and user rights.
Configure Static Application Security Testing tools (Semgrep, SonarQube, CodeQL) with custom rules, CI/CD integration, and quality gates.
Implement secure secrets storage and rotation in CI/CD pipelines using Vault, AWS Secrets Manager, and cloud providers.
Scan source code across 7 languages for injection, secrets, and framework vulnerabilities using Bandit, ESLint, and Semgrep, with a triage workflow.
Audit IAM policies, enforce least privilege, detect overly permissive access, and validate MFA/key rotation compliance.
Port existing Semgrep security rules to new target languages with applicability analysis and test-driven validation.
Identify footgun APIs, dangerous defaults, and security-misuse designs that enable developer mistakes.
Systematically discover exposed services, vulnerable systems, and IoT devices using Shodan's API, CLI, and search filters during authorized penetration testing.
Conduct comprehensive SMTP server security assessments to identify vulnerabilities including open relays, user enumeration, weak authentication, and misconfigurations.
Verify blockchain code implements exact specification requirements by comparing against whitepapers and design documents with evidence-based gap analysis.
Execute systematic SQL injection assessments to identify database vulnerabilities, extract schemas, and validate input sanitization across multiple attack vectors.
Apply STRIDE, PASTA, and attack trees to identify security threats and design mitigations for system architectures.
Reference 100+ critical web vulnerabilities organized by category with root causes, impacts, and specific mitigations for systematic security testing.
Find similar vulnerabilities across codebases using pattern-based analysis with ripgrep, Semgrep, and CodeQL after identifying an initial issue.
Protect sensitive environment variables in Claude Code sessions using secure-by-default masking and validation.
Audit AI-generated or rapidly iterated code for structural flaws, security risks, and production readiness across seven dimensions.
Systematically enumerate Windows systems and exploit privilege escalation vulnerabilities during authorized penetration testing to achieve elevated access.
Quantify security risks in dollars, build compliance roadmaps, and architect zero-trust strategies for growth companies.
Execute ISO 27001 internal/external audits with risk-based scheduling, control assessment, nonconformity classification, and certification support workflows.
Audit Next.js API routes against security patterns, catching auth drift, unsafe casts, missing validation, and org-scoping gaps.
Audit GitHub Actions workflows for security vulnerabilities in AI agent integrations by detecting attack vectors where attacker-controlled input reaches CI/CD-deployed agents.