I'm an Application Security specialist passionate about finding vulnerabilities before attackers do, and helping teams build safer digital products.

About Me

I specialize in Application Security and DevSecOps — helping teams integrate security practices directly into the development lifecycle. I enjoy automating security checks, building secure CI/CD pipelines, and making security an enabler rather than a blocker.

Core Skills

Application Security
Penetration Testing
DevSecOps
Threat Modeling
Secure Code Review
Programming

Projects

Burp Playbook — Practical Guide to Building Custom Extensions with Python

A practical e‑book that teaches you how to build Burp Suite extensions from scratch. Clear step‑by‑step examples, runnable code, and real-world exercises to automate and improve your testing workflow.

  • Step‑by‑step extension development guide
  • Complete example code & integration tips
  • Automation techniques to speed up testing

DevSecOps Pipeline

  • Established a centralized orchestration system for managing SAST scan configurations, implementing custom code rules and ignore policies.
  • Uncovered a critical SCA bottleneck in outdated framework versions; led a company-wide upgrade, cutting findings by two thirds and seamlessly enforcing prevention mode.
  • Optimized CI/CD pipeline jobs for 100% SAST coverage and scan accuracy across all project types, following DRY and retry/fail-fast principles as well as setting up alerts for full visibility into failures.
  • Rolled out an end-to-end vulnerability triage process—including a dedicated Jira board, standardized reporting templates, “how-to” guidelines for developers, and an internal channel for quick reference on recent dependency updates.
Security Awareness Program

Created security guidelines and training material for developers to reduce common security mistakes.

From the Blog

Brand-new prototype pollution gadget in MongoDB leading to RCE

I uncovered a new prototype pollution gadget in the mongodb NPM package version 6.6.2 that results in Remote Code Execution (RCE).

Why does cyber security matter for your business?

Understand how security vulnerabilities can impact your company's reputation and bottom line.

3 banking security mistakes to avoid for a safer digital experience

In this blog, I want to shed light on common mistakes which can inadvertently put the security of our data and money at risk.

Data exfiltration using Excel

In this article, I talk about a new data exfiltration technique which allows reading files on the victim’s machine using an Excel file.

FAQ for beginners in cyber security

How integrating security early in development helps prevent costly incidents.

You’re not as safe as you think: Here’s why you may be the next target of a cyber criminal

Do you still believe hackers are only interested in spying on celebrities’ lives or stealing money from well-known companies?

Contact

Let's connect! You can reach me via email or social media.

📧 Email 💼 LinkedIn 🐙 GitHub