GNU/Linux 6.1.0 (julio@portfolio) tty1
Full Stack Developer with solid experience in React and NodeJS. Worked in agile and international environments, building and scaling web/mobile solutions. Experienced in performance optimization, scalability, and integration of systems with robust APIs. I am also a Cybersecurity enthusiast, with a focus on vulnerability identification, ethical exploitation, and responsible disclosure. I have contributed to improving the security of major companies. I prioritize clear and assertive communication to enhance collaboration in agile teams.
- >Architected scalable React web applications with reusable components, improving performance and accelerating delivery cycles across concurrent projects.
- >Optimized NextJS applications for performance and SEO, enhancing page load speed and organic search visibility for client-facing platforms.
- >Developed cross-platform mobile applications for iOS and Android using React Native, delivering consistent user experiences across devices.
- >Designed and developed RESTful APIs with Ruby on Rails and NodeJS, delivering well-structured and documented services that streamlined front-end integration.
- >Managed concurrent projects for clients in e-commerce, agribusiness, and investment fund sectors, operating in agile and international environments.
> Endpoint /checkout/ajax/ajax-processar-venda.php exploited via single packet attack over HTTP/2. Firing multiple parallel requests over a single connection during checkout enabled double spending of gift card balance, where the same balance was consumed multiple times simultaneously, resulting in obtaining multiple gift cards at no additional cost.
> Endpoint /crava/redeem-benefits exploited via single packet attack over HTTP/2. Firing multiple parallel requests over a single connection during welcome benefit redemption enabled double spending of the account's initial 50 points, where the same balance was consumed multiple times simultaneously, resulting in obtaining multiple R$5 credits at no additional point cost.
> Endpoint /rewards/redemption exploited via single packet attack over HTTP/2. Firing 20–30 parallel requests over a single connection during reward/voucher redemption enabled double spending of Justos points, where the same balance was consumed multiple times simultaneously. The exploitation resulted in a negative point balance on the account and the obtainment of multiple vouchers at no additional point cost.
> Endpoint /bff/consumers:accept-terms exploited via last-byte sync attack over HTTP/1.1. Firing 100+ synchronized parallel requests allowed multiple term acceptances on a single account, resulting in credit duplication in the "Zé Compensa" loyalty program.
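
The findings above share one pattern: the same balance or one-time benefit is consumed by several requests that arrive together. The sketch below is an added example, not code from any of the affected services. It assumes the usual root cause, a balance check done separately from the debit, and shows that handler beside a hardened one that checks and debits in a single conditional UPDATE; the table names, the 50-point cost and the function names are constructed for illustration.

```python
import sqlite3
COST = 50  # constructed value: points charged per redemption

def new_db(points=50):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, points INTEGER NOT NULL)")
    db.execute("CREATE TABLE vouchers (id INTEGER PRIMARY KEY, account_id INTEGER NOT NULL)")
    db.execute("INSERT INTO accounts (id, points) VALUES (1, ?)", (points,))
    db.commit()
    return db

def has_enough(db, account_id):
    # Weak pattern, step 1: read the balance and decide in application code.
    row = db.execute("SELECT points FROM accounts WHERE id = ?", (account_id,)).fetchone()
    return row[0] >= COST

def debit_and_issue(db, account_id):
    # Weak pattern, step 2: debit unconditionally, trusting the earlier read.
    db.execute("UPDATE accounts SET points = points - ? WHERE id = ?", (COST, account_id))
    db.execute("INSERT INTO vouchers (account_id) VALUES (?)", (account_id,))
    db.commit()

def redeem_atomic(db, account_id):
    # Hardened: the WHERE clause is the balance check, so check and debit cannot be separated.
    cur = db.execute("UPDATE accounts SET points = points - ? WHERE id = ? AND points >= ?", (COST, account_id, COST))
    if cur.rowcount != 1:
        db.rollback()
        return False
    db.execute("INSERT INTO vouchers (account_id) VALUES (?)", (account_id,))
    db.commit()
    return True

def summary(db):
    points = db.execute("SELECT points FROM accounts WHERE id = 1").fetchone()[0]
    vouchers = db.execute("SELECT COUNT(*) FROM vouchers").fetchone()[0]
    return points, vouchers

def simulate_check_then_act(n):
    # Models n requests landing together: every check runs before any debit.
    db = new_db()
    for ok in [has_enough(db, 1) for _ in range(n)]:
        if ok:
            debit_and_issue(db, 1)
    return summary(db)

def simulate_atomic(n):
    db = new_db()
    accepted = sum(redeem_atomic(db, 1) for _ in range(n))
    return summary(db) + (accepted,)
```

With 20 simultaneous requests the check-then-act handler ends with a negative balance and 20 vouchers, while the conditional UPDATE accepts exactly one redemption. A unique constraint on one-time actions such as a welcome benefit or a terms acceptance gives the same guarantee for non-numeric state.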