About Raphaël
- Web applications (front and back-end)
- REST and GraphQL APIs
- Authentication and session management mechanisms
- Business logic and access control
- Sensitive data exposure
French
Native or bilingual
Experience
- Plateforme webCSRF - Email address change without confirmationJune 2026 - June 2026Identification of a CSRF (Cross-Site Request Forgery) vulnerability on the email address change form. By tricking an authenticated user into opening a malicious link (web page, redirect, or email), the attacker could silently substitute the target account's email address with their own without confirmation of the old address and without validation of the new one. This flaw directly paved the way for account takeover.Classified as High.
- Site e-commerceBusiness logic bypass of flawed purchase limitJune 2026 - June 2026Identification of a business logic flaw allowing a user to order multiple units of an item normally limited to one unit per account. The constraint, applied only on the client-side, was bypassable through direct manipulation of HTTP requests. Potential impact on stock, sales fairness, and platform revenue.Classified as Medium.
- Administration publique françaiseCritical IDOR unauthorized access to all user dataApril 2026 - April 2026Discovery of an IDOR (Insecure Direct Object Reference) vulnerability on an official French government platform (.gouv.fr). The flaw allowed any authenticated user to access the complete profiles of other registered users, without server-side access control.Classified as Critical.
Recommendations
Be the first to recommend Raphaël
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4