Hi, my name is
Kamil Vavra

Senior Application Security Engineer

I'm an independent offensive security expert with 19+ years of hands-on ethical hacking experience, specializing in offensive web application security.

I help organizations identify critical weaknesses and build real resilience against modern threats. Available for short-term engagements, including:

Web Application Penetration Testing
Advanced Web Application Security Audits
Secure Code Review & CI/CD Security Assessments
Application Security Testing (SAST, DAST, SCA)
Threat Modeling & Real-World Attack Surface Analysis

Why work with me?

Real Offensive Experience

I’ve spent nearly two decades breaking real systems, not just reviewing reports or running scanners. Every engagement is manual, attacker-driven, and focused on how systems are actually compromised.

Specialized in Web Application Security

My core expertise is offensive web application security, from complex business logic flaws to modern API and CI/CD attack paths. This focus allows me to uncover issues that generalized security testing often misses.

Actionable Findings That Matter

My testing follows current attack trends and techniques seen in the wild, not outdated checklists. You get clear guidance on what actually needs fixing and why. I prioritize vulnerabilities that are often overlooked.

Recognized & Trusted Expertise

I actively contribute to the security community through OWASP leadership, public speaking, and open-source development. Clients work directly with me because trust and proven expertise matter, especially in security.

Get in touch

Email is the preferred way of communication.

[email protected]
Brno, Czechia (remote)

CVEalert.io ~ join the waitlist for early access.