Mihai-Denis
Tapalagă
// security
Got curious about how systems work as a kid watching a Minecraft server get DoS'd off the network. Behavioral economics master gives me a different lens on what makes applications insecure: not just code, but how humans actually interact with it.
That background also built the soft skills the engineering world chronically undersupplies: structured stakeholder communication, translating findings into language non-technical teams act on, and reasoning about decisions when the data is incomplete. In security, the technical work only matters if the right people understand it and move on it.
Focused on defensive application security: secure-by-design APIs, supply chain hardening, and threat modeling that accounts for the user-behavior side. Twelve months of hands-on security work on a production codebase, BSCP exam ahead.
Security Work
EventLink (API-first SaaS, early stage)
Hands-on application security work on a production codebase. Manual code review against OWASP Top 10, dependency scanning across the open-source supply chain, CVE triage, and structured remediation reporting to project owners. Stack: TypeScript backend, PostgreSQL, OpenTofu for infrastructure-as-code.
Selected Work
PortSwigger Web Security Academy
Working through Apprentice and Practitioner labs on the path to BSCP certification. Hands-on Burp Suite, OWASP Top 10 vulnerabilities, manual testing methodology.
OWASP Top 10 in Practice
SQL injection walkthrough using Burp Proxy and Repeater on a PortSwigger lab. Methodology, payloads, and lessons that apply to harder injection contexts.
Container Image Security Audit
Trivy integrated into GitHub Actions with auto-generated issues per Critical CVE. Triage methodology, base-image hardening, and the workflow patterns that turn scanning into actual remediation.
Full Attack Simulation
End-to-end attack chain on Metasploitable 2. Recon, service enumeration, Samba RCE (CVE-2007-2447), post-exploitation, full Wireshark traffic analysis.
Technical Stack
appsec
devsecops & tooling
recon & exploitation
platforms & certs
Writeups & Research
Security Writeups & Research
AppSec methodology, vulnerability walkthroughs, and DevSecOps tooling breakdowns. Hands-on practice documented in depth, focused on what actually translates into engineering work.
view all posts →