Hi, I’m Sam!
Developer
and web security enthusiast.

Practical web application security for developers.
Pentesting workflows and security methodology.

My skills

Web pentesting

Security Champion

Quality Engineer

Developer

Biography

I specialize in developing and testing agentic applications at ServiceNow. With experience as both a QE and Developer, I have a unique perspective that allows me to write quality code. As my team’s Security Champion, my role also includes incorporating security best practices early in the pipeline.

With a focus on web application security, I continually study real-world vulnerabilities and testing techniques. On the side, I bug hunt and share what I learn through detailed blog posts.

Blog

  • Recently, I built an API using Node and express. Recently, I built an API using Node.js and Express. Building an API isn’t particularly novel, but that wasn’t my goal. Instead, I wanted to build an application I could be proud of from a security perspective. I wanted to make it as secure as possible —

    Read more →

  • A while ago, I did a writeup on Cicada. In this post, I’ll share my thought process and what I’ve learned solving EscapeTwo. EscapeTwo is the second box in the Attacking Active Directory Track on Hack The Box. So, it’s only natural that I stick with that theme. Enumeration Scanning Every enumeration starts with nmap.

    Read more →

  • I failed my first attempt at the Burp Suite Certified Practitioner Exam (BSCP). It definitely hurt and was a blow to my ego. Especially after having studied so much for months on end. For those who don’t know, the BSCP is an exam based on Portswigger’s Web Security Academy training. It’s 100% practical and tests

    Read more →

Get updates

The latest on how you can leverage your developer knowledge to applied web pentesting.