Security Consultant at Doyensec
1
Talks Delivered
1
Events Spoken At
1
Countries Visited
1
Years Speaking
1
Total Talks Given
I spoke at CONFidence 2025, one of the most established infosec conferences in Central Europe. My talk focused on advanced API authorization vulnerabilities and practical exploitation techniques, drawing from real-world engagements. I’ve compressed years of pentesting and secure code review experience into research-driven content and I’m eager to bring more of that to the stage.
Presentation Types
Audience Types
In my career as a security consultant and pentester at Doyensec, I’ve dug through dozens of codebases — big, small, famous, and not-so-famous. One of the biggest lessons I’ve learned? Authorization bugs are surprisingly common, even in mature, well-built systems. After countless late nights and busted apps, I’ve trained my spidey senses to detect when an architecture is practically begging for an authorization bypass. At CONFidence Conference 2025, I’ll cover:
- Real-world examples of vulnerabilities
- Common code patterns that lead to them
- The systemic root causes beyond the typical “missing authorization check in endpoint handler”
- Practical advice for writing secure authorization logic
- Cheat codes for teams low on story points but high on security ambition
