Offensive Security & Cloud

Penetration testing that genuinely reduces your attack surface

Web application testing, AWS IAM audits and continuous programmes - with actionable deliverables for both your technical teams and management. Remote or on-site across France.

Request an audit Discover our services
10+

years of offensive security experience

100+

audits and penetration tests completed

24h

response time on every enquiry

Services

Three ways to secure your systems

A pragmatic approach: identify what is exploitable, prioritise fixes, measure progress.

Web penetration testing - application analysis on multiple screens

Web Pentest

XSS, injections, IDOR, CSRF, authentication flaws - exploitable vulnerabilities identified and proven.

View details
AWS IAM audit - identity management, roles and cloud policies

AWS IAM Audit

Permission review, privileged accounts and policies on AWS to reduce over-permissioning.

View details
Continuous security testing - monitoring and regular penetration tests

Continuous Pentests

Scheduled campaigns aligned with your release cadence to track risk over time.

View details

Process

How an engagement works

From the first contact to retesting your fixes, here are the usual steps.

1

Scoping (1–2 h)

Technical exchange to define scope, legal constraints, testing window and expected deliverables. Quote within 48 hours.

2

Engagement

Tests conducted according to the agreed methodology (black, grey or white box). Every vulnerability is exploited and documented with evidence - no assumptions.

3

Report & Retest

Report delivered, debriefing workshop with your teams, then targeted retest on critical findings after remediation.

Approach

What sets each engagement apart

  • Single consultant end-to-end - no subcontracting: you speak directly with the person who ran the tests.
  • Proven vulnerabilities, not assumptions - OWASP/PTES methodology, every finding demonstrated with a reproducible proof of concept.
  • Two reading levels in the report - executive summary for management, technical detail for dev and ops teams.
  • Retest included on critical findings after your remediations.
  • Nationwide coverage - remote-first, on-site debriefs available (Toulouse, France).

What you receive at the end of an engagement

  • Full PDF report classified by severity (CVSS)
  • One-page executive summary for management
  • Detailed and reproducible exploitation evidence
  • Remediation plan prioritised by team (dev, infra, cloud)
  • Debriefing workshop with your technical teams
  • Targeted retest on critical findings after remediation
Anthony Dessiatnikoff - Offensive Security Consultant

About

Anthony Dessiatnikoff

Independent offensive security consultant with over ten years in information systems security, primarily focused on penetration testing and technical audits (web applications, APIs, cloud environments). I have completed over 100 engagements for organisations ranging from scale-ups to large enterprises.

Based in Toulouse, France - I work remotely or on-site for clients throughout France.

  • Web application & API security testing (OWASP/PTES)
  • AWS IAM privilege escalation & misconfiguration review
  • SaaS security (web front-end + cloud back-end)
  • Qualiopi-certified training provider
Full profile (French)

FAQ

Common questions

A cloud security audit checks conformance to best practices.

An AWS pentest simulates a real attack to identify exploitable weaknesses - in particular IAM misconfigurations, excessive permissions and cross-service abuse chains that could impact a production cloud environment.

Duration depends on the application scope and the complexity of the AWS infrastructure. For a publicly-exposed web SaaS, a complete engagement typically takes between 5 and 10 days to assess the real exploitability of findings.

Yes. Analysis of IAM roles, trust policies and effective permissions is an integral part of an AWS pentest - identifying privilege escalation paths and assessing blast radius in the event of a compromise.

A targeted retest is carried out on critical findings to verify that the applied fixes are effective and that the attack surface has been genuinely reduced.

Based in Toulouse, France, I work primarily with French-based organisations - remote engagements and on-site visits across France. International clients are welcome; all deliverables can be provided in English on request.

Ready to validate your security posture?

Describe your context - I'll propose a realistic scope and timeline.

Request an audit