I focus on identifying security issues in web applications and reporting them directly to site owners in a responsible and non-disruptive manner.
My work is focused on manual web application testing with an emphasis on access control issues, input validation flaws, and business logic problems. I follow responsible disclosure practices and do not publish sensitive details without permission.
User input was reflected into the response without proper encoding, allowing script execution in the browser context. Potential impact included session abuse if cookies were misconfigured.
Because authorization checks were missing, an authenticated user was able to access resources belonging to other users by modifying an identifier in a request.
Improper validation of the request sequence allowed intended restrictions to be bypassed, leading to unintended application behavior.
For responsible disclosure inquiries:
security@averonsec.com