I am a Software Engineer (Full-Stack | Security-Aware) focused on building production-grade systems with a strong emphasis on security, authentication, and backend integrity.

My work combines modern web engineering with practical security testing, defensive design, and real-world deployment considerations. I approach systems not only as a developer, but also with the mindset of an attacker and defender.

My journey began with the fundamentals of web development and progressively evolved into building and maintaining end-to-end systems covering:

• frontend architecture
• backend services and APIs
• database design and access control
• authentication, authorization, and payment flows
• deployment, configuration, and environment security

Today, my focus is on building secure full-stack applications where security is considered from the first design decision rather than added later.

As my engineering skills matured, I expanded deeply into security-aware development and offensive/defensive testing practices.

Key areas of continuous development include:

• secure API design and authentication flows
• role-based access control and privilege separation
• database-level security using PostgreSQL Row Level Security (RLS)
• secure handling of secrets, tokens, and environment configuration
• understanding real attack surfaces in modern web applications

Alongside development, I actively practice bug bounty methodologies, combining reconnaissance, manual testing, and controlled experimentation to identify weaknesses in authentication, authorization, and API logic.

BSc (Hons) Computer Networking & Cybersecurity
London Metropolitan University
Expected graduation: 2025

• First Year completed with high academic results
• Second Year completed successfully, with strong focus on networking, security, and systems design

During my studies, I have conducted multiple academic and practical research activities related to:

• Intrusion Detection and Intrusion Prevention Systems (IDS / IPS)
• Network traffic analysis and attack pattern recognition
• Security controls at network and application layers
• Defensive strategies against unauthorized access and abuse

These research activities strengthened my understanding of how real-world attacks manifest and how layered security controls mitigate them.

• Python
• JavaScript
• TypeScript
• Java

• React
• Next.js (App Router)
• Component-driven UI architecture
• Responsive design and client-side validation

• Supabase (PostgreSQL, Auth, RLS)
• REST API design and integration
• Secure authentication and authorization flows
• Stripe payments and subscription systems
• Database schema design and access control

• OWASP Top 10 awareness and mitigation
• Authentication and authorization testing
• API security testing and logic flaw analysis
• Bug bounty reconnaissance and reporting workflows

• curl for HTTP/API testing and request crafting
• Nmap for network scanning and service enumeration
• Linux command-line tooling and scripting
• Experience with Ubuntu, Kali Linux, and security-focused environments
• Familiarity with common Kali tools used for reconnaissance and testing

• Git and GitHub (branching, pull requests)
• Linux and macOS development environments
• CI/CD fundamentals
• Secure environment variable and secrets management

I actively practice bug bounty-style security research, focusing on:

• authentication bypass scenarios
• authorization and privilege escalation issues
• API misuse and logic flaws
• improper access controls and token handling

I am experienced in documenting findings clearly and professionally, producing structured reports that explain:

• vulnerability impact
• reproduction steps
• security implications
• mitigation recommendations

This experience strengthens my ability to design systems defensively and anticipate abuse cases during development.

• LinkedIn: https://uk.linkedin.com/in/sandro-zakaidze-bb425a1a1
• Email: Sandrowest501@outlook.com