About

Who I am

Hi there! I’m Bogdan, a security researcher and Application Security Engineer from Romania, specializing in offensive security and web application penetration testing. I’m passionate about identifying and remediating security vulnerabilities across complex modern applications and cloud-native environments.

I’m an active bug bounty hunter on HackerOne and CTF competitor, continuously refining my offensive security skills. I view this craft like a mythical blacksmith—the more dedication poured into it, the better the results. My career is built on a foundation of reverse engineering, malware analysis, and software vulnerability research.

Current Focus:

• 🔍 Web application penetration testing & API security
• 🔐 CI/CD pipeline security & supply chain protection
• ☁️ Cloud security & cloud-native pentesting
• 📚 Working toward CCSP & GCPN certifications

In my free time, I enjoy combat sports, traveling, and creating music. Welcome to my blog!

Professional Summary

I currently work as an Application Security Engineer specializing in web application penetration testing. My role centers on identifying, exploiting, and helping remediate security weaknesses across complex applications and cloud-native environments. I work closely with engineering teams to strengthen security posture throughout the SDLC.

I have hands-on experience securing CI/CD pipelines, focusing on code and open-source dependency vulnerabilities using tools such as Snyk, and secret detection and governance using Cycode. My work enables developers to integrate secure practices early, maintain clean pipelines, and reduce security risks before they reach production.

My career path is firmly rooted in offensive security. I actively refine my skills through continuous learning, industry conferences, and advanced training. I currently hold CISSP and GWAPT (GIAC Web Application Penetration Tester) certifications and am working toward CCSP and GCPN (GIAC Cloud Penetration Tester) to deepen my cloud security and cloud pentesting expertise.

Before transitioning into application security, I began my career at Avira (now Gen) in 2018. Initially joining as an intern, I later moved into a Threat Researcher role, where I focused on malware analysis, reverse engineering, and detection engineering. I developed internal tools for analyzing malicious files—including a static analysis tool for identifying information leaks in Android applications—and contributed to research, threat hunting, and technical writing.

This foundation in reverse engineering, malware research, and software vulnerabilities continues to shape my approach as I grow in offensive security. My long-term goal is to become a highly skilled ethical hacker, constantly improving, learning, and enjoying the craft.

Licenses & Certifications

CISSP

Certified Information
Systems Security Professional

View Credential →

GWAPT

GIAC Web Application
Penetration Tester

View Credential →

In Progress: CCSP (Certified Cloud Security Professional)

GCPN (GIAC Cloud Penetration Tester)

Core Expertise

🔍 Offensive Security

Web application penetration testing, API security assessment, business logic exploitation, vulnerability discovery & validation using industry-standard methodologies and OWASP frameworks.

🔐 Application Security

SDLC security integration, secure code review, threat modeling, vulnerability assessment across web apps and cloud-native environments.

🔄 CI/CD & Supply Chain

Pipeline security hardening, dependency vulnerability scanning (Snyk), secret detection & governance (Cycode), open-source risk management.

☁️ Cloud Security

AWS security, container security, cloud infrastructure pentesting, cloud-native application assessment fundamentals.

🔧 Tools & Development

Burp Suite, Metasploit, Nmap, ffuf, sqlmap, recon automation. Custom tooling in Python for reconnaissance, analysis, and exploitation workflows.

📚 Research & Analysis

Reverse engineering, malware analysis, vulnerability research, root cause analysis, technical writing, and security documentation.

Technical Skills

Penetration Testing: Web application testing • API security • Business logic flaws • Authentication/Authorization • Input validation • OWASP Top 10

Tools & Platforms: Burp Suite • Metasploit • Nmap • ffuf • sqlmap • Cycode • Snyk • Kali Linux • Git

Cloud & Infrastructure: AWS • Kubernetes • Docker • Container security • Infrastructure pentesting

Languages & Scripting: Python • Bash • Automation frameworks • Custom tool development

Methodologies: NIST • OWASP • Threat modeling • Secure SDLC • Agile security

Let’s Connect

Interested in discussing security vulnerabilities, collaboration opportunities, or pentesting projects? I’m always open to connecting with fellow security professionals, potential clients, and organizations looking to strengthen their security posture.

Reach out via:

• 💼 LinkedIn - Professional inquiries and networking
• 𝕏 Twitter/X - Security insights and research discussions
• 🏃 HackerOne - Bug bounty programs and security collaborations

Looking forward to connecting with you!