Skip to content
Jalwan
About

Security testing, done by a specialist who cares about your fix

I'm Jalwan — an independent web application penetration tester. I help SaaS companies, startups, and product teams find the vulnerabilities that matter and fix them with confidence.

I've spent years breaking into web applications so the right people can fix them first. My work sits at the intersection of deep technical testing and clear communication — because a vulnerability report only matters if your team can act on it.

Most security testing on the market leans on automated scanners and generic templates. That approach misses the flaws that actually get companies breached: broken access control, subtle authentication bypasses, and business logic that behaves in ways nobody intended. Those take a human. That's the work I do, by hand, on every engagement.

Working with a freelance specialist means you deal directly with the person doing the testing. No layers of account management, no junior hand-offs. Just senior-level testing, direct answers, and reports written to be used — not filed away.

Focus areas

  • Web application penetration testing
  • REST & GraphQL API security
  • Multi-tenant SaaS security
  • Authentication & authorization
  • Business logic & workflow abuse

By the numbers

30+
Engagements
100+
High/critical findings
4
Years experience
10 days
Avg turnaround
How I work

Principles behind every engagement

Depth over checklists

I test the way an attacker thinks — chaining small issues into real impact — rather than ticking boxes on a template.

Honest severity

No inflated criticals to justify an invoice. You get findings rated on genuine business impact, so you can trust the numbers.

Clarity for everyone

Reports that speak to executives and engineers alike, because a finding nobody understands never gets fixed.

Standards you can defend

Work aligned to OWASP, PTES, and NIST so your test holds up to auditors, customers, and your own board.

Ready to find your vulnerabilities before attackers do?

Book a security assessment and get a clear, prioritized picture of your application's real risk. No obligation, no automated-scan fluff.