David Hamann Developer & Penetration Tester

Hi, I'm David

I am a developer, penetration tester and IT consultant. My company helps small and medium-sized organizations in the areas of software development, security and custom IT needs.

Based in Hamburg, Germany, I work remotely for clients from around the world. Besides client engagements I keep up with the changing IT landscape by continuously participating in trainings, certifications and IT security challenges. I obtained several certifications, such as the OSCP (Offensive Security Certified Professional) and eCPPT (Certified Professional Penetration Tester).

Interested in working with me?

Take a look at my services or contact me directly.

(For the German version of this site, please click here).

Services

Below you'll find a broad description of my service offerings. Unsure, if your project fits my service offering? Just send me a short message and we'll find out.

Software Development / Web Development

Custom solutions for custom business processes. My company helps you with requirement analysis, development and maintenance of custom applications for internal or external use, including fully-fledged web & desktop applications, APIs and custom helper tools. Over the last decade I've built applications using several languages and technologies (such as Python, JavaScript, PHP, SQL & NoSQL, FileMaker, and various frameworks) for companies in both service and manufacturing industries.

Penetration Testing

How far can a potential attacker reach into your network? Are your systems, applications and networks sufficiently protected and what impact would a cyber attack have on the confidentiality, integrity and availability of your data and services?

A penetration test can assess the security of your IT systems both from an internal and external perspective, using known tools and techniques leveraged by today's attackers. While an internal penetration test simulates the situation of an attacker that has already gained access to your internal network ("assumed breach"), an external test takes a look at your organization from the outside. A combination of both is an option as well.

Before performing the test, I will discuss with you the type and scope as well as the desired scenario and goals of the assessment. The result of the penetration test is a report of identified and exploited vulnerabilities including classification, remediation recommendations and a description of how the exploitation was performed.

As an alternative to a full penetration test, a vulnerabilitiy assessment can be performed to get a first impression of the state of the security of your applications/systems/networks and get actionable recommendations for improving your defenses. In a vulnerabilitiy assessment weaknesses are identified without the attempt of exploitation or proof of concept code.

Web Application Security Assessments

Web applications often handle critical business processes of an organization and are in most cases also a portal from the outside to the inside. In a web assessement internal or external applications are inspected for vulnerabilities – these range from insufficient input validations over issues with authentication and authorization to misconfigurations of components and services. With growing complexity usually the attack surface grows as well. A web application test gives you insights into potential weaknesses of your web app and can be performed with (limited) or without previous knowledge (white box, gray box, black box).

When deciding for applications to assess, consider that an attacker might as well pick old(er) and easier targets on the same system/network, if they are available, and not necessarily your latest and greatest app to get a first foothold.

Miscellaneous

Not all of my projects fit into the above categories. In the past I've also helped clients with tasks like: systems administration, mobile applications, networks, code reviews, hardware setups, workshops/coachings, process and requirements analysis, and general IT consulting and troubleshooting. While not every task fits all the time and my resources are limited, just consider sending me a message – I'm also happy if I can help you with a link or a contact.

Let's start a project.

Write me a short message using the form below or give me a call on +49 40 287 888 06.

Please provide your first and last name.
Email address to use for this request.

Moin! Sprechen Sie deutsch? 🇩🇪

Ich auch. Klicken Sie hier für die deutsche Version dieser Seite.