Web Application Pentesting
Manual and tool-assisted assessment of web applications following the OWASP Top 10 methodology. I find what automated scanners miss — logic flaws, auth bypasses, injection chains.
// ethical hacker
Leonardo Baragli
Ethical Hacker @ Cybersolvo
I break things so attackers can't.
Ethical Hacker at Cybersolvo, based in Florence, Italy. I specialize in web application penetration testing, vulnerability assessment, and offensive security. CEH certified, B.Sc. Computer Science.
// 01 — About
Breaking security barriers
before attackers do.
I'm an Ethical Hacker focused on offensive security — finding vulnerabilities in web applications, APIs, and infrastructure before malicious actors do. I translate technical findings into clear risk priorities and actionable remediation plans that actually get fixed.
Currently working at Cybersolvo (since November 2023). Former member of the CyberChallenge national competition team representing the C3T (Tuscan Cybersecurity Competence Center). B.Sc. Computer Science from the University of Florence. CEH certified by EC-Council.
// 02 — Expertise
What I do
API Security Testing
Assessment of REST and GraphQL APIs — authentication, authorization, rate limiting, injection vectors, and sensitive data exposure across the full API surface.
Recon & OSINT
Attack surface mapping, open-source intelligence gathering, enumeration, and threat modeling to understand exposure before an engagement begins.
Reporting & Remediation
Clear technical and executive reports that translate vulnerabilities into real business risk, with prioritized remediation guidance and post-fix re-testing.
// Toolbox
Offensive Tools
Burp SuitenmapffufMetasploitWiresharkGobusterSQLMap
Methodologies
OWASP Top 10OWASP API Top 10PTESOSINTThreat Modeling
Dev / Infra
LinuxDockerNginxGitBashPython
CTF / Research
Web ExploitationPwnCryptographyForensics
// 03 — Projects
What I'm building
An LLM Council platform: submit a prompt, a Supervisor model refines it and dispatches it to a configurable panel of frontier LLMs in parallel. Responses are synthesised into a single answer — you also see each council member's raw output. Built with Next.js, FastAPI, and multi-model orchestration via Anthropic, OpenAI, and Google APIs.
An iOS app to discover and share hidden naturalistic spots in the outdoors. Browse a community-curated map of off-the-beaten-path locations, save your favourites, and contribute new spots with photos and notes. Built with Swift and SwiftUI.
App Store
// 04 — Experience
Where I've worked
Nov 2023 — Present
Ethical Hacker — Cybersolvo
Full-scope penetration testing and vulnerability assessment for clients across industries. Focused on web applications, APIs, and internal networks with end-to-end engagement ownership.
- Reconnaissance, enumeration, exploit chains & controlled post-exploitation
- Technical and executive reports with mitigation roadmaps
- Post-remediation re-testing & sign-off
2023
Certified Ethical Hacker (CEH) — EC-Council
Industry-recognized certification covering ethical hacking phases, attack vectors, countermeasures, and security best practices.
2023
CyberChallenge — Team C3T
Selected for the national CyberChallenge program representing the C3T (Tuscan Cybersecurity Competence Center). Intensive training in offensive security disciplines and national competition participation.
- CTF categories: web, pwn, cryptography, forensics
- Realistic attack scenarios & team-based methodology
2020 — 2023
B.Sc. Computer Science — University of Florence
Undergraduate degree in Computer Science with coursework in networks, operating systems, algorithms, and software engineering.
// 05 — Contact
Want to work
with me?
I work as an Ethical Hacker at Cybersolvo. For professional engagements, reach out via my work email or through the company website. You can also find me on LinkedIn or Instagram.
Visit Cybersolvo