Offensive Security & Cloud

Penetration testing that genuinely reduces your attack surface

Web application testing, AWS IAM audits and continuous programmes - with actionable deliverables for both your technical teams and management. Remote or on-site across France.

10+ years of offensive security experience

100+ audits and penetration tests completed

24h response time on every enquiry

Services

Three ways to secure your systems

A pragmatic approach: identify what is exploitable, prioritise fixes, measure progress.

Web Pentest

XSS, injections, IDOR, CSRF, authentication flaws - exploitable vulnerabilities identified and proven.

AWS IAM Audit

Permission review, privileged accounts and policies on AWS to reduce over-permissioning.

Continuous Pentests

Scheduled campaigns aligned with your release cadence to track risk over time.

Specialised offerings

Dedicated scopes when context demands it

Beyond the three core services, three dedicated offerings cover specific technical perimeters in depth.

AWS Pentest

Offensive audit of an AWS cloud environment: IAM privilege escalation, SSRF and IMDSv2, Lambda, STS, cross-account access. Report with reproducible exploitation evidence.

SaaS Pentest

End-to-end SaaS platform testing: web application, REST/GraphQL APIs, authentication and the underlying AWS IAM layer. Built for software vendors and platform operators.

New

AI Red Team

Mapping, pentest and continuous monitoring for AI automations (Cursor, Claude Code, MCP servers, agentic frameworks): IAM, API semantics, prompt injection, resilience.

Process

How an engagement works

From the first contact to retesting your fixes, here are the usual steps.

1. Scoping (1–2 h)

Technical exchange to define scope, legal constraints, testing window and expected deliverables. Quote within 48 hours.

2. Engagement

Tests conducted according to the agreed methodology (black, grey or white box). Every vulnerability is exploited and documented with evidence - no assumptions.

3. Report & Retest

Report delivered, debriefing workshop with your teams, then targeted retest on critical findings after remediation.

Approach

What sets each engagement apart

  • Single consultant end-to-end - no subcontracting: you speak directly with the person who ran the tests.
  • Proven vulnerabilities, not assumptions - OWASP/PTES methodology, every finding demonstrated with a reproducible proof of concept.
  • Two reading levels in the report - executive summary for management, technical detail for dev and ops teams.
  • Retest included on critical findings after your remediations.
  • Nationwide coverage - remote-first, on-site debriefs available (Toulouse, France).

What you receive at the end of an engagement

  • Full PDF report classified by severity (CVSS)
  • One-page executive summary for management
  • Detailed and reproducible exploitation evidence
  • Remediation plan prioritised by team (dev, infra, cloud)
  • Debriefing workshop with your technical teams
  • Targeted retest on critical findings after remediation

About

Anthony Dessiatnikoff

Independent offensive security consultant with over ten years in information systems security, primarily focused on penetration testing and technical audits (web applications, APIs, cloud environments). I have completed over 100 engagements for organisations ranging from scale-ups to large enterprises.

Based in Toulouse, France - I work remotely or on-site for clients throughout France.

  • Web application & API security testing (OWASP/PTES)
  • AWS IAM privilege escalation & misconfiguration review
  • SaaS security (web front-end + cloud back-end)
  • Qualiopi-certified training provider

Training

Qualiopi-certified training programmes

Hands-on programmes for technical teams, developers, software vendors and awareness. Sessions in French; bespoke English sessions on request. Eligible for OPCO funding (Qualiopi).

Securing AWS in production

2 days. IAM hardening, logging, detection and remediation on real AWS environments.

Next session: 23–24 July 2026 (remote).

SaaS Web & AWS Offensive Pentest

3 days. Full attack chain on a modern SaaS: logic flaws, API exploitation, IAM privilege escalation.

Next session: 7–9 September 2026 (remote).

New

Securing AI agent deployments

1 day. Threat model, IAM boundaries, MCP servers, prompt-injection defences for AI agents in production.

Next session: 17 July 2026 (remote).

CRA compliance & product security

1 day. Cyber Resilience Act obligations for software publishers: scope, technical evidence, SBOM, vulnerability handling.

Next session: 20 July 2026 (remote).

FAQ

Common questions

A cloud security audit checks conformance to best practices.

An AWS pentest simulates a real attack to identify exploitable weaknesses - in particular IAM misconfigurations, excessive permissions and cross-service abuse chains that could impact a production cloud environment.

Duration depends on the application scope and the complexity of the AWS infrastructure. For a publicly-exposed web SaaS, a complete engagement typically takes between 5 and 10 days to assess the real exploitability of findings.

Yes. Analysis of IAM roles, trust policies and effective permissions is an integral part of an AWS pentest - identifying privilege escalation paths and assessing blast radius in the event of a compromise.

A targeted retest is carried out on critical findings to verify that the applied fixes are effective and that the attack surface has been genuinely reduced.

Based in Toulouse, France, I work primarily with French-based organisations - remote engagements and on-site visits across France. International clients are welcome; all deliverables can be provided in English on request.

Ready to validate your security posture?

Describe your context - I'll propose a realistic scope and timeline.
