Research Statement

My research focuses on advancing practical automated security testing for web applications. I investigate techniques that enable scalable, developer-friendly detection of security and privacy vulnerabilities in modern web systems.

Through the design of novel testing frameworks and empirical user studies, I aim to bridge the gap between academic security research and real-world software engineering practice. My work prioritises actionable vulnerability detection, low false-positive rates, and seamless integration into continuous development workflows.

Research Areas

Web API Testing

Techniques for systematically exercising RESTful and GraphQL APIs to uncover security flaws, data exposure issues, and logic inconsistencies.

Automated Software Testing

Design of scalable fuzzing approaches that automatically explore application behaviours with minimal manual configuration.

Vulnerability Hunting

Practical methods for discovering security vulnerabilities in complex web applications, with a focus on actionable and low-noise findings.

Current Projects

Trailblazer

An automated security testing framework that explores complex web application APIs to uncover system crashes without needing an API specification.

Research Impact

My research contributes to making automated security testing more practical, scalable, and usable for developers and security engineers. By focusing on real-world deployment and empirical evaluation, the resulting tools help identify critical vulnerabilities, improving the security and privacy posture of modern web applications.