My name is Filip Karczewski, and I am an experienced Penetration Tester.
I specialize in identifying security flaws within Web Applications, APIs and Mobile Applications.
I am open to contract engagements.
Comprehensive security assessments for web applications, APIs, and mobile applications.
Delivered with a robust methodology based on the industry-leading OWASP ASVS 5.0 standard and best practices, a deep dive into application security uncovers vulnerabilities and provides clear recommendations for improvement. Testing is adapted to fit specific needs and priorities. By simulating realistic attack scenarios, the testing process reveals how threat actors could compromise your applications, offering a clear view of your actual risk exposure.
A comprehensive assessment of mobile application security leverages the industry-leading OWASP MASVS 2.1.0 standard and best practices. Testing is conducted on a variety of available physical devices. This hands-on testing on actual hardware provides realistic attack simulations. Beyond automated scans, manual testing techniques are employed to uncover complex vulnerabilities often missed by other methods. A comprehensive pentest covers both the mobile app and its backend.
Extensive experience ensures success in future challenges.
Certified cybersecurity professional with 6+ years of experience specializing in penetration testing of web applications, APIs, and mobile applications (Android & iOS). I've identified many critical vulnerabilities in both pre-production and production environments, working with clients to improve their security. I primarily use grey-box and black-box testing methodologies, and my reports provide clear mitigation strategies and assess the business impact of each vulnerability.
As a former Accenture consultant, I spent 5 years performing penetration tests for a diverse range of clients across Europe, South America, the USA, the Middle East, and Southeast Asia. Prior to my consulting career, I worked in web development, and also performed penetration testing of web applications – providing me with a well-rounded perspective for my consulting work.
My approach combines technical expertise with clear communication, ensuring that complex security findings are translated into actionable recommendations. I strive to deliver high value for my clients and reduce risks that may impact their business.
Industry-recognized certifications that validate my expertise.
Your sensitive data is in safe hands.
All testing activities, findings, and sensitive information remain strictly confidential and are never disclosed to third parties.
Every piece of client data is stored using robust encryption, ensuring its confidentiality and integrity.
All testing data remains on secure, local storage, eliminating the risks associated with cloud exposure.
All penetration tests are conducted from dedicated static IP addresses for complete traceability and accountability.
Only 100% local AI guarantees no risk of sensitive data leakage.
To deliver compelling, client-ready Proof-of-Concepts when they add meaningful value to vulnerability demonstrations. These targeted visual demonstrations help stakeholders understand complex attack scenarios and business impact, making the case for prioritized remediation where it matters most.
To assess the impact and probability of each vulnerability, delivering the most useful data to your stakeholders. This ensures you focus on the findings that matter most, maximizing the value of your pentest investment.
To deliver polished, actionable reports with AI-assisted quality assurance, ensuring clarity, accuracy, and alignment with industry standards. This provides your stakeholders with confident, data-driven insights to improve your security posture.
Final reports undergo rigorous AI-assisted quality assurance, ensuring they are polished, accurate, and easily understood. The AI checks for grammatical correctness, clarity of language, and consistency with industry standards.
Based in Poland. Serving clients worldwide.
Connect with me on LinkedIn to view my professional background and establish a professional relationship for future collaborations.