4. Security & Compliance

Analyzes and bypasses anti-reversing techniques, obfuscation, and anti-debugging mechanisms for authorized security analysis of protected binaries.

Expert reverse engineer for binary analysis, disassembly, and vulnerability research using industry tools to analyze executables and uncover security flaws.

Configures mutual TLS (mTLS) for zero-trust service-to-service communication, ensuring certificate-based authentication and encryption.

Analyzes React, Vue, Angular, and vanilla JS code for XSS vulnerabilities and provides prevention strategies.

Tests web applications for screen reader compatibility (VoiceOver, NVDA, JAWS) to ensure accessibility compliance.

Validates iOS app accessibility against WCAG 2.1 standards through automated testing, VoiceOver compatibility checks, and semantic analysis.

Conducts comprehensive security code audits using STRIDE threat modeling, code review, and vulnerability assessment to identify exploitable security bugs for bug bounty contexts.

Provides a knowledge base of mobile security vulnerabilities from HackerOne reports, detailing Android and iOS app exploitation techniques for security researchers and auditors.

Conducts security audits, vulnerability detection, and secure coding reviews to ensure OWASP compliance.

Enables secure key management, encryption, decryption, and digital signing operations for Java 2.x applications using AWS KMS.

Provides unit tests for Spring Security annotations to validate role-based access control and authorization policies.

Provides JWT authentication and RBAC authorization patterns for Spring Boot 3.5.x using Spring Security 6.x and JJWT.

Integrates AWS Secrets Manager with Java applications for secure secret storage, rotation, and credential management.

Expert in implementing secure authentication systems using JWT, OAuth 2.0, and RBAC for user access management and security enforcement.

Ensures web accessibility compliance with WCAG 2.1/2.2 through ARIA implementation, keyboard navigation, and screen reader testing.

Enforces security best practices for authentication, input validation, and OWASP Top 10 vulnerability prevention in code.

Conducts security audits, code vulnerability reviews, and infrastructure security assessments using SAST, penetration testing, and DevSecOps practices.

Validates SQL database schema files against internal safety and naming policies to ensure compliance.

Conducts structured security reviews to harden software designs and implementations against vulnerabilities.

Provides essential PHP security patterns including input validation, SQL injection prevention, XSS protection, and CSRF tokens for secure application development.

Enables implementation of authentication, encryption, and security mechanisms for SIP servers, clients, and proxies.

Enables implementation of Kubernetes security best practices including RBAC, Pod Security Policies, and Network Policies for secure cluster management.

Provides secure secrets management best practices including encryption, key management, and access control implementation with Fnox.

Configures Fnox providers for secure encryption and secret storage, supporting age encryption, cloud services (AWS, Azure, GCP), and password managers.