}}
JA Jobyer Ahmed
Jobyer Ahmed
Penetration Testing OSCE3 • CISSP • OSCP • CNVP

Penetration Testing Services

Red-team style web, API, and cloud pentesting to uncover real-world risk.

Book a call Message me

Who this is for

Product teams shipping fast
Need real attacker perspective on critical flows before release.
SaaS companies facing buyer security reviews
Show strong findings remediation and control maturity.
Cloud-native teams
Validate IAM, networking, storage, and pipeline security against real attacks.

What you get

  • Manual-first testing with exploit chains, not scanner noise.
  • Prioritized findings with business impact and reproduction steps.
  • Exploit proof or working POCs for critical issues.
  • Developer-ready remediation guidance and retest validation.
  • Cloud and CI/CD hardening recommendations.
  • Executive summary for stakeholders and security reviewers.

How I work

Scoping & assets

Clarify targets, threat scenarios, and rules of engagement.

Recon & attack surface

Enumerate entry points across app, API, auth, and cloud.

Exploit & validate

Exploit findings with proof, privilege escalation, and chaining.

Report & remediate

Deliver prioritized findings with fixes; collaborate with engineers.

Retest & verify

Validate fixes and provide attestation for stakeholders.

Why work with me

  • Offensive security background with OSCE3 and exploit development.
  • Manual, risk-based testing focused on impact and chaining.
  • Developer-ready fixes plus retest to confirm remediation.
  • Reporting that satisfies buyers, SOC 2 / ISO 27001 reviewers, and engineers.

Common hurdles solved

Authentication & session flaws Authorization bypass & IDOR Injection & RCE Cloud misconfigurations CI/CD secrets & supply chain

FAQ

How long does a test take?
Most engagements run 1–3 weeks depending on scope and targets.
Do you retest?
Yes-one retest window is included to validate fixes.
What do you need to start?
Targets, test accounts, threat assumptions, and any change-freeze windows.

Engagement & Pricing

Web/API Pentest

Risk-based testing for critical user and admin flows.
Starting from $1,250 per project.
  • Auth/session, IDOR, logic, and business impact paths
  • API abuse, injection, file upload, SSRF, and access bypass
  • POCs, remediation guidance, and retest
Most popular

Cloud + App

End-to-end coverage: app, API, auth, and cloud attack paths.
Starting from $1,950 per project.
  • IAM paths, network segmentation, storage misconfigs, logging
  • App/API chaining to cloud control plane impact
  • Runbooks for fixes plus retest

Retainer

Monthly/quarterly testing, advisory, and rapid retests.
Starting from $1,500/mo with planned scopes.
  • Recurring pentests with prioritized scopes
  • Fix validation and ad-hoc threat reviews
  • Fast support for security questionnaires
Quotes include scope, timelines, and retest; sample report available on request.

Need a quick check?

For lighter scopes, see the Rapid Vulnerability Assessment option.
Rapid Vulnerability Assessment

Ready to schedule a pentest?

Get senior-led testing with exploit-level depth.

Book a call Message me

Contact

Back home