Contact: engagement details

I work on clearly scoped, hands-on security engagements with a strong focus on offensive web application security. Typical penetration testing engagements are measured in multiple consulting days, depending on scope and complexity. If you’re unsure about the appropriate scope or approach, feel free to reach out. I’m happy to discuss options and expectations upfront.

Engagements are priced on a per-project or per-day basis, depending on the type of work. I also offer shorter consultations, application security audits (including CI/CD), and support with establishing responsible disclosure or bug bounty programs.


Get in touch

Need to discuss a potential engagement or collaboration, or have a specific security question? Email is the preferred means of communication.

Registered office & billing details

Sole trader registered in the Trade Register since 19. 07. 2022,
recorded by the Brno City Hall.

Kamil Vavra
Nove sady 988/2
602 00 Brno
Czechia

IC: 75345773
Data Box ID: d7ttevd
SWIFT: AIRACZPP
IBAN: CZ0100000000101000131337

Services: how can I help you today?

  • Web Application Penetration Testing & Bug Bounty
  • Application Security Testing (SAST, DAST, SCA)
  • Advanced Web Application Security Audits
  • CI/CD Security Assessments & Supply Chain Risk
  • Secure Code Review (Web, APIs, Backend & Android)
  • Threat Modeling & Real-World Attack Surface Analysis

Why work with me?

Real Offensive Experience

I’ve spent nearly two decades breaking real systems, not just reviewing reports or running scanners. Every engagement is manual, attacker-driven, and focused on how systems are actually compromised.

Specialized in Web Application Security

My core expertise is offensive web application security, from complex business logic flaws to modern API and CI/CD attack paths. This focus allows me to uncover issues that generalized security testing often misses.

Actionable Findings That Matter

My testing follows current attack trends and techniques seen in the wild, not outdated checklists. You get clear guidance on what actually needs fixing and why. I prioritize vulnerabilities that are often overlooked.

Recognized & Trusted Expertise

I actively contribute to the security community through OWASP leadership, public speaking, and open-source development. Clients work directly with me because trust and proven expertise matter, especially in security.