A sample of engagements. Client names are redacted where required.
A Cursor-built SaaS shipped with privilege escalation on day one. Found and fixed before launch.
String-interpolated search exposed the whole database. Rewritten with bindings and tests.
Keys in the repo and APP_DEBUG on. Locked down config and rotated credentials.