Baptiste Coste

Web & API Pentest

€400/day
Poitiers, FR
3-7 years

Average response time: 1 hour

About Baptiste

Independent consultant based in Poitiers, I specialize in web application penetration testing. Recognized for my expertise and certified **OSCP (Offensive Security Certified Professional)**, I assist companies of all sectors in identifying and remediating vulnerabilities before they are exploited.

My audits are based on the OWASP framework, with a clear, structured methodology aligned with industry standards. The tests combine automated tools and in-depth manual analysis to identify real vulnerabilities, beyond false positives. Each audit is adapted to the architecture, business logic, and technical specificities of the targeted application.

Typical mission process:

  • Scoping of the perimeter, objectives, and technical constraints
  • Validation of the schedule, implementation methods, and expected deliverables
  • Penetration test execution
  • Detailed restitution: clear report, risk prioritization, actionable recommendations

My approach is based on **transparency**, **confidentiality**, and **reliable results**. The objective is to enable you to precisely identify your weaknesses and make informed decisions to correct them.

Available for one-time or recurring missions.
  • French

    Native or bilingual

  • English

    Fluent

  • Italian

    Fluent

Can work on-site
Poitiers (up to 50km), Bordeaux (up to 50km)

Experience

  • Auto-Entreprise
    Cybersecurity Expert
    CONSULTING AND AUDITS
    September 2022 - Today (3 years and 9 months)

    IT security audit:

    • Penetration tests on Web applications and APIs: identification and exploitation of vulnerabilities.
    • Web server pentests: exploitation to obtain administrator (/root) access in gray or black box mode.
    • Penetration tests on corporate networks (Active Directory) in gray box.
    • Awareness and training on cybersecurity best practices and security integration in the development cycle.

    Software development:

    • Creation of audit tools for companies specializing in cybersecurity.
    • Automation and process optimization.
  • ATOS
    C Developer on Transactional Black Boxes (HSM)
    CONSULTING AND AUDITS
    June 2020 - January 2021 (7 months)
    Les Clayes-sous-Bois, France
    Software development on transactional black boxes performing sensitive cryptographic operations.
    Hardware Security Modules (HSMs) are used to isolate encryption and hashing operations in systems requiring a very high level of security, such as military operations.
  • Kungliga Tekniska högskolan
    Research project on self-balancing robots
    RESEARCH
    May 2019 - August 2019 (3 months)
    Stockholm, Sweden
    Design of a remotely controllable self-balancing robot. Development of an architecture resistant to side-channel attacks, definition of a secure communication protocol ensuring the authenticity, integrity, and confidentiality of transmitted messages. Management of constraints related to the embedded world: limited computing power, restricted memory space, etc.

Education

  • OSCP Certification
    OffSec
    2024
    The OSCP certification, short for Offensive Security Certified Professional, is a globally recognized accreditation in the field of cybersecurity. Issued by Offensive Security, this certification emphasizes practical skills in offensive security and penetration testing. OSCP holders have demonstrated their ability to identify vulnerabilities, exploit systems ethically, and propose effective solutions to strengthen the security of IT environments. The practical part of the OSCP exam, often called "24 hours of torture", challenges candidates to hack virtual machines within a limited time, showcasing their technical skills and their command of security tools.
  • Hacking Platforms
    HackTheBox, root-me, tryhackme ....
    Legal hacking of machines on internationally recognized cybersecurity platforms such as HackTheBox, Root me, and Tryhackme, allowing me to build expertise across a wide range of attack vectors in varied areas such as networking, the Web, privilege escalation, SQL injection, and abuse of configuration flaws. Root me: vanckok - 2840 points. HackTheBox: vanckok - Hacker rank ...

Certifications

  • OSCP
    Offensive Security
    2024
    https://www.credential.net/044f68b0-540d-4228-a7d5-d5f8b677ccf2#gs.5bb7br
    PowerShell Empire Metasploit Information Gathering Antivirus Exploitation Kali Linux Exploitation Windows Buffer Overflow Bash Scripting Tunneling Privilege Escalation Client Side Attacks Password Attacks Fixing Public Exploits Advanced Command Line Web Exploitation Locating Public Exploits Antivirus Evasion Web Application Attacks Active Directory Attacks Passive Information Gathering Linux Buffer Overflow Pivoting Practical Tools Port Redirection Active Information Gathering Port Scanning Vulnerability Scanning Network Vulnerability Scanning Buffer Overflow Exploits File Transfers
