You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Anthony DessiatnikoffAD

Anthony Dessiatnikoff

Pentester | NIS2 & CRA Compliance | AI Red Team

€800/day
4 projects
Toulouse, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Anthony

Independent Pentester, over 10 years in offensive security. I work alone, without subcontracting: you deal directly with the person performing the tests.

I help SaaS editors and SMEs/ETIs reduce their attack surface and demonstrate their compliance.

Interventions:
- NIS2 compliance Pentest (report mapped to Article 21)
- CRA product security audit (SBOM, vulnerabilities, reporting)
- AI Red Team / generative AI pentest (LLM, RAG, agents)
- Web / API pentest and AWS cloud security
- Qualiopi certified training

Method: reproducible findings (PoC), executive + technical report, prioritized remediation plan, retest included. OWASP, PTES, MITRE ATLAS frameworks.

Available for one-off missions, recurring pentests, and compliance support (NIS2 deadlines end of 2026, CRA September 2026).
  • French

    Native or bilingual

  • English

    Fluent

  • Spanish

    Basic

Can work on-site
Toulouse (up to 20km)

Experience

  • CodiTrust
    Freelance Pentester - SaaS Web/API & AWS Security
    CONSULTING AND AUDITS
    August 2021 - Today (5 years)
    Toulouse, France

    Main missions

    • Web and REST API penetration tests (pentests)
    • Authentication mechanism analysis: JWT, OAuth2, SSO
    • Access control and multi-tenant vulnerability audit
    • Business logic flaw research
    • Privilege escalation and data exfiltration
    • AWS security audit: IAM, S3, managed services, network configuration

    Approach

    Tests conducted under realistic conditions:
    • Structured reconnaissance
    • Validated manual exploitation
    • Attack chains combining application and infrastructure
    • Concrete impact evidence
    • Each vulnerability is demonstrated and contextualized according to its business risk.

    Deliverables

    For each pentest, I deliver:
    • Detailed technical report
    • Prioritized recommendations
    • Presentation to technical teams
    • Summary for management or investors if necessary

    Typical environments

    • Multi-tenant B2B SaaS
    • Microservices architectures
    • Publicly exposed applications
    • AWS hosting
    AWS Security Audit Amazon Web Services Penetration Testing PenTest
  • Client dans le secteur du Courtage Immobilier
    Pentest on several Web applications
    BANKING AND INSURANCE
    May 2023 - June 2023
    Toulouse, France
    Performing complete penetration tests on web applications exposed in production.

    Work performed

    • Reconnaissance and application mapping phase
    • Analysis of authentication mechanisms and session management
    • Testing access controls and business logic
    • Searching for OWASP Top 10 vulnerabilities and application-specific flaws
    • Validated exploitation of critical vulnerabilities

    Results

    • Identification of privilege escalation scenarios
    • Highlighting of data exfiltration risks
    • Demonstration of real impact on application security

    Deliverables

    • Structured audit report with exploitation evidence
    • Recommendations prioritized by risk
    • Detailed technical presentation on-site or via videoconference
    Penetration Testing PenTest Report Writing Web Pentest
  • Société dans le secteur énergie
    Incident Response - Website Compromise
    ENERGY AND UTILITIES
    June 2023 - June 2023
    Toulouse, France
    Intervention following the compromise of a website in production.

    Analysis and Investigation

    • Forensic analysis of compromised files and application logs
    • Identification of the initial attack vector
    • Detection of webshells and injected malicious scripts
    • Analysis of persistence mechanisms implemented by the attacker

    Remediation

    • Removal of malicious files and associated artifacts
    • Correction of the exploited vulnerability
    • Rotation of credentials and hardening of access
    • Verification of application file integrity

    Post-Incident Security

    • Complete security audit of the application
    • Review of server permissions and configuration
    • Implementation of hardening measures
    • Recommendations to prevent recurrence
    Cybersecurity Incident Response Wordpress Malware Analysis

Reviews

5.0

Out of 2 ratings

N

Nicolas

Soleriel

Reviewed on 5/26/2023

We worked with Anthony following security issues on our website. He quickly fixed the problem, implemented the necessary measures to prevent further attacks, and was very available and pedagogical. I highly recommend his support.
N

Nicolas

Soleriel

Reviewed on 6/21/2023

Recommendations

Be the first to recommend Anthony

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • PhD in the security of avionics systems
    INSA Toulouse
    2014
    Doctorat consacré à la sécurité des systèmes embarqués critiques, appliquée à des environnements à fortes contraintes de sûreté et de fiabilité. Travaux de recherche orientés sur : • l’analyse des surfaces d’attaque des systèmes embarqués, • l’évaluation des risques de sécurité dans des contextes critiques, • la modélisation des menaces et des scénarios d’attaque, • l’impact des vulnérabilités sur la sûreté de fonctionnement. Ce travail a permis de développer une approche rigoureuse de l’analyse de risques, directement applicable aux audits de sécurité et aux tests d’intrusion sur des systèmes complexes.
  • Master of Computer Science specializing in Information Security and Cryptology
    University of Limoges
    2009
    Formation avancée en sécurité informatique couvrant les fondements théoriques et les applications pratiques de la cryptographie et de la protection des systèmes. Compétences développées : - Cryptographie symétrique et asymétrique - Protocoles cryptographiques et sécurité des communications - Sécurité des systèmes et réseaux - Gestion des identités et mécanismes d'authentification - Analyse de vulnérabilités et modélisation des menaces Stage de 5 mois - Trusted Platform Module (TPM) : Travaux de recherche et développement autour du module matériel de sécurité TPM : - Étude des mécanismes d'ancrage matériel de confiance - Analyse des fonctions de stockage sécurisé de clés - Expérimentation des mécanismes d'attestation et de scellage - Évaluation des usages du TPM dans des architectures sécurisées

Certifications

  • Certified Ethical Hacker Instructor
    EC-Council
    2016
    Penetration Testing
  • Certified Ethical Hacker
    EC-Council
    Linux Windows Information Security

Skill set

Categories