Web Bounty Flow
My own bug bounty flow and methodology structure for web testing, research organization, and target handling.
Profile and experience
Offensive Security Engineer & Software Developer with 6+ years of backend and full-stack experience, specializing in web automation (Playwright, Python), API security, and custom tooling. Strong background in backend architecture, secure API flows, and high-complexity systems work.
Core strengths
Offensive security thinking applied to product work
Backend and API experience across startup and freelance environments
Automation-first mindset for scraping, auth flows, and operations
Current focus
I work at the overlap of offensive security, backend systems, and automation. The strongest recurring themes in my work are API-heavy product logic, secure flows, and custom tooling that removes manual friction.
Profile snapshot
Experience: Freelance
Timeline: Ongoing
Technologies: Playwright, Python tooling, API security, auth automation
Manual security analysis and custom tooling for APIs, auth flows, and session handling. Playwright covers login/MFA flows, session extraction, and protected scraping, while Python powers recon, endpoint discovery, and workflow tooling.
Career path
This lineup highlights the offensive security, research, and backend work that shaped my engineering direction.
Capabilities and background
Instead of a tool cloud, this is the stack grouped by where I actually use it: backend delivery, frontend support, infrastructure, and practical product work.
The strongest part of my engineering work. Most of my long-term experience sits here.
Java / Spring Boot
Backend architecture, business logic, and API implementation.
Used in RECASH and earlier backend training and delivery work.
PHP / Laravel
Backend development for legacy systems, admin flows, and business platforms.
Built through DevWing projects and WordPress/plugin-related work.
Python
Automation, scraping, custom tooling, and workflow scripting.
A core part of freelance automation, protected scraping, and security tooling. Example scraping work: Bug Bounty Domain Scraper
SQL
Database querying and data handling with PostgreSQL and MySQL.
Built through backend work at RECASH, DevWing, and product-oriented API development.
I can deliver and improve frontends when needed, even though backend remains the core focus.
JavaScript
General frontend and product work across modern web stacks.
Used throughout full-stack projects, product work, and frontend support roles.
Angular
Single-page app work and enterprise-style frontend development.
Used in fintech-related work at RECASH.
Vue.js
Component-based interfaces for business systems and client projects.
Used in DevWing and other product-facing frontend work.
React / Next.js
Modern frontend delivery for portfolio, service, and product-oriented interfaces.
Used in current personal site work and newer frontend builds.
CSS / Tailwind
Styling, layout systems, and component-level UI implementation.
Used in frontend support, landing pages, and current Next.js work.
Used for automation, deployment, security setups, and keeping systems practical to run.
Bash / Shell
Scripting for automation, tooling, recon helpers, and operational tasks.
Used across freelance security work, automation tooling, and DevOps-heavy tasks.
Linux
Primary environment for security tooling, automation, and server-side work.
Used continuously in offensive security, scraping, automation, and infrastructure tasks. Example: Fresh OS Install
Git / GitHub / GitLab
Version control, branching, collaboration, and delivery workflows.
Used across every professional role, freelance project, and personal build.
The supporting layer for shipping websites, internal tools, and client-facing builds.
Figma
Basic UI planning, structure, and visual direction for delivery work.
Used when shaping page structure, client-facing layouts, and implementation plans.
WordPress
Custom CMS work, landing pages, plugin support, and fast delivery projects.
Built through client delivery, CMS implementations, and business-facing web work.
Shopify
Store setup, theme-level adjustments, and practical ecommerce delivery work.
Used in webshop-oriented client work where fast launch and maintainability mattered.
UNAS
Hungarian ecommerce platform work for store setup, customization, and operational delivery.
Used through local webshop projects and business-facing ecommerce implementations.
Research and offensive work
This is the part of the profile that shows the more offensive, research-driven side of my work. These are not placeholders: they are public references, experiments, and supporting tools. Browse my GitHub for more material, side projects, and related tooling.
A scraping-focused tool for collecting and structuring domain-related targets in a bug bounty context.
Public CSRF-focused test/demo material connected to csrf.alejandro501.xyz, useful as a concrete security demonstration.
Public reference for the XS Logger concept tied to xs-logger.alejandro501.xyz, showing work around browser-side logging and security experimentation.
Linux environment bootstrap and setup work that reflects the practical side of my tooling and system preparation habits.