Services
Two service lines, plus native apps when a project calls for them. Anything outside this list, I'll refer to a specialist.
Web and SaaS development
Custom web applications and SaaS tools for founders and small businesses. I take products from blank page to production and maintain them after launch.
What I build
- Marketing sites and landing pages
- Web apps with auth and database
- Web apps with payments and billing
- SaaS MVPs and full products
- Marketplaces and complex platforms
Included by default
GDPR-aware data handling, secure-by-default architecture, mobile-first responsive design, production observability, daily backups, and a written handover doc you can give to any future developer.
Next.js · TypeScript · Supabase · Stripe · Vercel
Native apps
Mobile apps for iOS and Android. I default to React Native because most products don't need fully native code. When the use case demands it, I write Swift or Kotlin.
What's included
End-to-end build from design through App Store and Play Store submission. Handover includes signing certificates, store credentials in your accounts, and the documentation to ship updates without me.
React Native · Swift · Kotlin · Expo
Security testing
Penetration tests for small and mid-sized companies. Sized between an automated vulnerability scan and a full red team engagement.
What I test
- External infrastructure — your perimeter as an attacker sees it.
- Internal networks — assumed-breach scenarios; how far can an attacker move once they're inside?
- Active Directory environments — my deepest area. Misconfigurations, Kerberos abuse, delegation flaws, AD CS, hybrid Azure AD.
- Web applications — OWASP Top 10-aligned testing for business-critical apps.
What you receive
Executive summary your leadership reads in five minutes. Technical report with reproducible findings, CVSS scoring, and concrete remediation steps. Debrief call with your team. Free retest of critical and high findings within 90 days.
What I deliberately don't offer
Red team or full adversary simulation engagements. Mobile app, hardware, or IoT testing. Social engineering or phishing campaigns. Exploit development or zero-day research. For work outside this list, I can refer you to specialists in those areas.
Engagement model
Written scope and Rules of Engagement before any testing begins. Authorization letter required from the legitimate system owner. All work performed under signed agreement with explicit testing windows.
How engagements work
01. Free 30-min call
We talk about what you're building, your constraints, and your timeline. No slides.
02. Written proposal
Scope, fixed-fee quote, milestones, and delivery timeline within 3–5 business days.
03. Kickoff within a week
50% deposit on acceptance; work begins within seven days. 50% on launch.
Want to scope the work?
Email me a few sentences about your project. I reply within one business day.