Application Security Consultant | Pentester | Tool Builder
I build tools and automation for application security, with a particular focus on Veracode platform integrations and security tooling. My work spans from terminal UIs and MCP servers to security libraries and pentesting automation.
- veracode-mcp - MCP Server for Veracode integration β
- veracode-skills & veracode-agents - Skills and agents for Veracode automation for the MCP
- veracode-compensating-controls - A Skill for managing compensating controls for Veracode findings
- veracode-pipeline-results - A Skill for working with Pipeline results (Python)
- veracode-local-sca-results - A Skill for working with Local SCA results (Python)
- veracode-tui - Terminal User Interface for Veracode (Go)
- github-dorks - Large-scale GitHub security searches to feed into SAST scanners
- security-headers-checker - Score security headers including COOP/COEP
- Dipsy.Security.MemoryProtection - Runtime memory protection for sensitive strings (C#)
- Dipsy.Security.Ldap - LDAP encoding library (C#)
- threadfun - Thread idioms reminders (Win32 C/Go/C#)
- FlawFixingGuidance - My notes from a couple decades of fixing security issues
- PentestingNotes - Organized pentesting notes
- streamdeck-big-clock - Stream Deck plugin (TypeScript)
- disneyland-railroad-simulator - Arduino controller software for WS2812 LEDs, set up for a Disneyland Railroad map. Includes ReactJS representation (C/JS)
Languages: Go | C# | Python | JavaScript/TypeScript | C | PowerShell
Focus: Application Security | Security Automation | Pentesting
Tools: Veracode | MCP | Terminal UI | Security Analysis
π― Arctic Code Vault Contributor | π¦ Pull Shark | β Starstruck | π² YOLO
- π Mastodon: @BranMacMuffin@ioc.exchange
- π¦ Bluesky: @branmacmuffin.bsky.social
- πΌ GitHub: You're already here!
Helping folks build secure software, one commit at a time