{» services «}
Security testing and quality assurance for web applications, APIs and AI systems. Each engagement is scoped to your specific needs — contact me for a tailored proposal.
{ 01 }
< Web Pentesting >
Perfecto. Aquí tienes toda la sección de servicios lista para copiar en Elementor.
INTRO DE LA SECCIÓN
Título:
Services
Subtítulo:
Security testing and quality assurance for web applications, APIs and AI systems. Each engagement is scoped to your specific needs — contact me for a tailored proposal.
SERVICIO 1 — Web Pentesting
(tarjeta principal, la más destacada)
Web Pentesting
Systematic security assessment of web applications and APIs following OWASP Top 10 2021 methodology. Each engagement covers the full attack lifecycle — from reconnaissance to exploitation — with a professional report including evidence, risk rating and remediation guidance.
What’s included:
Reconnaissance & attack surface mapping
Vulnerability identification and exploitation
OWASP Top 10 coverage (SQLi, XSS, CSRF, LFI, IDOR and more)
Network pivoting and lateral movement assessment
Executive summary + technical report with remediation steps
Tooling: Burp Suite · Nmap · Metasploit · FFUF · Gobuster · Wireshark · Hydra Custom OSINT tooling including DORK GEN for advanced reconnaissance
Cert: eJPT — INE Security (2025)
{ 02 }
< QA & Security Testing >
Functional and security coverage in a single engagement. Ideal for teams that need thorough application testing before release or after significant changes. I look for what breaks the app and what exposes it — both matter.
What’s included:
Test case design and execution
Manual and exploratory testing
API testing and validation (REST)
E2E automated testing
Bug reporting with full traceability (Jira / TestRail)
Basic security checks integrated into the QA cycle
Tooling: Postman · Cypress · Selenium · Jira · TestRail · Burp Suite · Python
{ 03 }
< OSINT & Reconnaissance >
Open-source intelligence gathering for security assessments, due diligence or threat awareness. Identify what information about your organisation, infrastructure or personnel is publicly exposed before an attacker does.
What’s included:
Digital footprint mapping
Exposed assets and sensitive file discovery
Infrastructure and domain reconnaissance
Personnel and email exposure analysis
Documented findings report
Tooling: Maltego · Shodan · DORK GEN · Google Dorking · TheHarvester · OSINT Framework
{ 04 }
< AI Systems QA & Red Teaming >
Security and quality testing specifically designed for applications powered by AI and large language models. As AI becomes critical infrastructure, adversarial testing is no longer optional.
What’s included:
Prompt injection testing (direct and indirect)
Jailbreak and restriction bypass attempts
Edge case and semantic consistency evaluation
Bias and harmful output detection
RLHF annotation and rubric design
Findings report with remediation recommendations
Relevant for: SaaS products with AI features, chatbots, LLM-powered APIs, internal AI tools
Not Sure?
Not sure which service fits your needs?
Many engagements combine elements from more than one area — for example, a web pentest that includes OSINT reconnaissance, or a QA cycle with integrated security checks. Get in touch and I’ll scope the right approach for your project.
{*}
<contact_me>
…lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis.