GNU/Linux 6.1.0 (julio@portfolio) tty1
Full Stack Developer with solid experience in React and Node.js. I have worked in agile and international environments, developing and scaling web/mobile solutions for e-commerce platforms, CRMs, and investment funds. Experienced in performance optimization, scalability, and system integration with robust APIs. I am also a self-taught Cybersecurity professional, focused on vulnerability identification, ethical exploitation, and responsible disclosure, having contributed to improving the security of major companies. I prioritize clear and assertive communication to strengthen collaboration in agile teams.
- Developed web applications using React, creating robust and reusable components, improving performance and reducing project delivery time
- Developed hybrid mobile apps (iOS/Android) with React Native
- Developed REST APIs with Ruby on Rails and Node.js
- Developed and optimized multiple applications with Next.js to improve performance and SEO
- Managed multiple projects simultaneously with different technologies
> Endpoint /bff/consumers:accept-terms exploited via last-byte sync attack over HTTP/1.1. Firing 100+ synchronized parallel requests allowed multiple term acceptances on a single account, resulting in credit duplication in the "Zé Compensa" loyalty program.
> Endpoint /checkout/ajax/ajax-processar-venda.php exploited via single packet attack over HTTP/2. Firing multiple parallel requests over a single connection during checkout enabled double spending of gift card balance, where the same balance was consumed multiple times simultaneously, resulting in obtaining multiple gift cards at no additional cost.
> Endpoint /crava/redeem-benefits exploited via single packet attack over HTTP/2. Firing multiple parallel requests over a single connection during welcome benefit redemption enabled double spending of the account's initial 50 points, where the same balance was consumed multiple times simultaneously, resulting in obtaining multiple R$5 credits at no additional point cost.
> Endpoint /rewards/redemption exploited via single packet attack over HTTP/2. Firing 20–30 parallel requests over a single connection during reward/voucher redemption enabled double spending of Justos points, where the same balance was consumed multiple times simultaneously. The exploitation resulted in a negative point balance on the account and the obtainment of multiple vouchers at no additional point cost.
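
The findings above describe the same balance being consumed by several simultaneous requests. The following is an added example, not code from this page or from any affected system, that contrasts the server-side check-then-act pattern that permits this with a single conditional debit; the in-memory store, function names and timings are constructed assumptions.

```javascript
// Added example: in-memory stand-in for an account row (constructed, hypothetical names).
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
const makeStore = (points) => ({ points, vouchers: 0 });

// Check-then-act: the balance is read, and only spent after awaits, so every
// request that read the balance before the first debit passes the check.
async function redeemCheckThenAct(store, cost) {
  const seen = store.points;          // read
  await sleep(5);                     // models DB/network latency
  if (seen < cost) return false;      // check against a stale value
  await sleep(5);
  store.points -= cost;               // relative debit, can drive the balance negative
  store.vouchers += 1;
  return true;
}

// Hardened: check and debit are one indivisible step, the in-memory analogue of
//   UPDATE accounts SET points = points - :cost WHERE id = :id AND points >= :cost
// where the handler proceeds only if exactly one row was affected.
function atomicDebit(store, cost) {
  if (store.points < cost) return false;
  store.points -= cost;
  return true;
}

async function redeemAtomic(store, cost) {
  await sleep(5);
  if (!atomicDebit(store, cost)) return false; // no await between check and debit
  await sleep(5);
  store.vouchers += 1;
  return true;
}

// Run `requests` overlapping redemptions against a fresh store and report the outcome.
async function runParallel(redeem, requests, startPoints, cost) {
  const store = makeStore(startPoints);
  const results = await Promise.all(
    Array.from({ length: requests }, () => redeem(store, cost))
  );
  return { granted: results.filter(Boolean).length, ...store };
}

runParallel(redeemCheckThenAct, 20, 50, 50).then((r) => console.log("check-then-act:", r));
runParallel(redeemAtomic, 20, 50, 50).then((r) => console.log("atomic debit:  ", r));
```

In a real service the conditional debit belongs in the database (a guarded `UPDATE` or a row lock inside a transaction), since an in-process check does not hold across multiple application instances.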