Fortify your systems. Fund a humanitarian mission.
Developer-focused security assessments with practical, affordable and fast remediation guidance.
Security for builders.
I work with developers and small teams to secure what you ship — from static sites to login-based apps — with actionable fixes and minimal noise.
It’s a professional, industry-grade service. And because I care about impact, I donate 50% of every engagement to our school's Cambodia Service Tour.
*Due to school policy, the name isn't listed publicly. However, it can be confirmed & verified upon request.
What's included
Web Application Security Audit
Passive and active recon
OWASP Top 10 vulnerability checks
Credential and input handling review
Industry-grade Report
Executive summary
Technical findings & CVSS scoring
Remediation advice for both technical & non-technical clients
Professional documentation
Every engagement is governed by a formal Rules of Engagement agreement. This protects both of us and ensures ethical, responsible testing. Preview the document here.
Your report provides clear, actionable steps for remediation, along with verbose technical reports on all key findings.
Human impact
50% of my fee funds construction materials and essential supplies for families in rural Cambodia.
You'll receive a confirmation + photo follow-up post-tour.
I'll share a confirmation of the contribution after your engagement.
Services and pricing
Offensive security
Hands-on testing to find exploitable risks before attackers do.
Passive & active recon
OWASP Top 10 checks and manual testing
Targeted penetration testing of in-scope areas
Developer-ready report with prioritized fixes
Defensive hardening
Review and hardening to reduce attack surface and cost of fixes.
Exposure checks and dependency audit
Secrets/config review (env, headers, CSP)
Secure defaults and hardening checklist
Optional code-level review (scoped)
Custom quote
Perfect for larger scopes, recurring assessments, or mixed offensive/defensive work.
Third-party integrations and SSO
Internal workflows and CI/CD
Secure setup and configuration
Recurring assessments
How it works
Request a service
We'll define clear Rules of Engagement and determine exactly what you want tested. No tech knowledge required.
Confirm booking
We’ll confirm scope, timelines, and pricing. I donate 50% of my fee to the Cambodia Service Tour.
I get to work
The assessment begins. I'll comprehensively test the security of your site based on the defined scope.
Receive your findings
You'll be provided a clear, actionable report with prioritised recommendations. No fluff, no jargon walls.
FAQ
How will we define the Rules Of Engagement?
After you reach out, we'll have a discussion to clarify your needs and expectations.
Then, I'll draft a clear Rules of Engagement document for you to review and sign. This ensures we're on the same page before any testing begins.
You can preview the document here.
Where does the money go exactly?
I donate 50% of my fee from each engagement to my school's Cambodia humanitarian trip. You’ll receive a confirmation once it’s made.
What do I get in return?
A practical security assessment and developer-ready report detailing vulnerabilities, impact, and how to fix them — fast.
Are you qualified to do this?
Yes. I've passed the eJPT (Junior Penetration Tester certification), and regularly complete CTFs and real-world assessments. You can verify my credentials & education on my LinkedIn.
What do you get out of it?
I gain real-world experience, portfolio material, testimonials, and the chance to build something bigger than just a school fundraiser.
What kind of sites or systems do you test?
Right now, I focus on public-facing websites and basic web applications. If you're not sure what category you fall into, just ask.
Ship safer, faster. Let’s talk
I’m taking on limited clients. Lock in your assessment below.