I will perform a full VAPT and deliver a security report
Penetration Tester, Bug Bounty Hunter, 3x CVE Discoverer
About this Gig
Are you looking for a professional security assessment with a clear, actionable report?
I'm wincr4ck, an offensive security researcher, HTB #1 Sri Lanka, HackerOne Top 2 Sri Lanka, and 3x MITRE CVE discoverer. I've found critical vulnerabilities in platforms used by UNICEF, Greenpeace, and global SaaS companies.
What I test:
- Web applications (auth, business logic, input validation)
- REST / GraphQL APIs (IDOR, BOLA, broken auth, injection)
- Cloud infrastructure (misconfigs, exposed secrets)
- Subdomains & attack surface mapping
What you get:
- Professional PDF report
- CVSS-scored vulnerability ratings
- PoC screenshots & reproduction steps
- Remediation recommendations
- Post-fix retest (Premium only)
Common findings: XSS, SQLi, IDOR, CORS misconfig, JWT attacks, 2FA bypass, auth bypass, subdomain takeover, exposed API keys.
Backed by 3 MITRE CVEs, RGOODS Hall of Fame, and active bug bounty work since 2024.
Message me before ordering to discuss your scope.
FAQ
Do you need access to my source code?
No. I perform black-box testing by default, just like a real attacker. Grey-box testing with partial access is also available for faster and more thorough results.
Is this legal and will you damage my system?
All testing is done ethically and only on systems you own or have permission to test. I follow responsible disclosure practices and will never damage or delete your data.
What format is the report delivered in?
A professional PDF report including executive summary, CVSS-scored findings, screenshots, reproduction steps, and remediation recommendations for each vulnerability.
What if no vulnerabilities are found?
You still receive a full report documenting what was tested and the methodologies used. A clean report has value for compliance and client trust purposes.
Can you sign an NDA?
Yes. I'm happy to sign a mutual NDA before testing begins. Your application and all findings will be kept strictly confidential.

