Freelancer profile translated to English.
Back to original languageAbout Jean-Baptiste
Your developers are good at delivering the features that provide **value to your products**. But who is in charge of the security of your application and your clients? You need efficient and secure applications: a one-time audit or long-term support? I intervene according to your needs.
With15 years of .NET development**, including a validated **contributionto the officialMicrosoftdotnet/runtime repository, I have taken these shortcuts myself. I know where they lead and how to fix them. Security doesn't stop at the code: a misconfigured server is enough to expose a robust application.
CertifiedOSCPand **HTB CWES**, I regularly practice bug bounty on YesWeHack to stay in touch with real-world vulnerabilities.
Here's what it looks like in practice:
- Creation of a shared security department (5 people) at a software vendor: internal audits, developer training, CVE monitoring. The system persisted after my departure.
- Coordination of post-pentest remediation on a critical energy sector project (47,000 users): SonarQube/Checkmarx monitoring, runbooks, team empowerment.
Insupport missions**, the objective is concrete: to propose **solutions adapted to the project**, such as raising developer awareness of the **OWASP Top 10**, implementing **automatic detectionof trivial vulnerabilities (SonarQube, Semgrep, ...), or **integrating cyber risk into team practices**.
Services:
- Web and API audit (blackbox/greybox)
- Source code audit
- Remediation support
- Training and awareness for developers and system administrators
Typical clients:SaaS vendors, tech SMEs, large corporations with a .NET stack.
English
Conversational
French
Native or bilingual
Remote only
Primarily works remotely
Experience
- Editeur de logiciel (Confidentiel)
On Malt
Web & Mobile Android Application Security AuditSOFTWARE PUBLISHINGJuly 2025 - July 2025Security audit mission for a composite application (Web portal + Android mobile application) in a multi-tenant SaaS environment.Methodological Approach:
- Blackbox: Mapping of the attack surface and intrusion tests without privileges
- Mobile analysis: Static and dynamic analysis of the Android application
- Greybox: In-depth audit with provided accounts (privilege escalation, access controls, isolation)
- Reporting: Writing the audit report, classifying vulnerabilities, and client presentation
Deliverables:
- Detailed audit report with vulnerability classification
- Prioritized remediation recommendations
Tools: Burp Suite Pro, Frida, MobSF, Python scripting - Editeur de logiciel (Confidentiel)Web Application Security AuditMay 2024 - June 2024Intrusion test on a complex Web application. Mission carried out in mixed mode (blackbox + greybox) with application security objectives.
- Ordanche SolutionsPentester - Cybersecurity AuditorDIGITAL AND ITAugust 2022 - Today (3 years and 9 months)Independent application security consultant activities:
- Web, API, and mobile (Android) penetration testing
- Source code auditing and DevSecOps support
- Active bug bounty hunter on YesWeHack (20 vulnerabilities validated, including 6 critical/high)
- Remediation support and skills transfer
Reviews
Recommendations
TM
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Professional Bachelor's Degree in Biotechnology, specializing in Information Systems and Modeling Applied to BioinformaticsUniversité Clermont-Ferrand I2006
Certifications
- OffSec Certified Professional (OSCP)OffSec (Offensive Security)2023
- Certified Ethical Hacker (CEH)Ec-Council2019