🔍 Penetration Testing & Offensive Security

Cut through the noise. Break things before attackers do.

What I Do

Network Assessments

Full‑stack discovery, vulnerability mapping, exploit validation, and an exploit‑proof remediation roadmap.

Web App Assessments

OWASP‑aligned black‑, grey‑, or white‑box testing with business‑logic abuse coverage and proof‑of‑concept exploits.

Red Team Scenarios

Adversary simulation (MITRE ATT&CK), stealthy post‑exploitation, and executive red–blue debriefs.

Mobile App Assessments

Static + dynamic testing on iOS & Android, API fuzzing, jailbreak/root bypass checks, secure‑storage validation.

Secure Coding Review

Automated SAST + manual code review with contextual risk scoring and fix‑first prioritization.

SecOps

Designing and implementing CI/CD pipelines with integrated security scanning, automated vulnerability management, and IaC security hardening.

Smart Contract Auditing

In-depth review of Solidity, Rust, or other smart contract code to identify vulnerabilities, ensure logic integrity, and optimize gas usage.

My Approach

1. Recon & Threat Modeling – Understand what truly matters to your business.
2. Exploit‑Driven Testing – Focus on impact, not just CVSS scores.
3. No‑BS Reporting – Crystal‑clear, exec‑ready briefs + developer‑friendly remediation tasks.
4. Rapid Re‑Test – Validate fixes fast and certify closure.

Why Me?

• Security Research Engineer—I break things for a living
• Proven track record: CVE‑2024‑57716 • CVE‑2025‑26127 • GHSA‑564j‑v29w‑rqr6 • Quebec Gov Cyber Contributors
• Certs: OSCP+, OSCP, OSWP, CRTP, SCH, eJPT
• Speed: Lean workflows, same‑day initial findings
• Transparency: Real‑time progress boards and direct Slack / Matrix / Signal access

Ready to Test Your Defenses?

Get in contact with me!

📧 Email: borsdavid@proton.me
🔗 LinkedIn: David Bors

Let’s break your security—before someone else does.