I help teams and founders find what an AI would miss.
I'm Cassim (handle: aituglo). Full-time bug bounty hunter, 5+ years in security, specialized in access control and business logic vulnerabilities. Currently Top 30 on YesWeHack, with published CVEs to my name.
This page is for you if you want real eyes on your product, or if your team wants to get sharper at finding vulnerabilities themselves.
Pentest
I run pentests on web apps, mobile apps, desktop apps, and APIs. Usually for:
- Startups before a funding round, when investors want a third-party check.
- Teams shipping something new and wanting a critical pass before production.
- Companies that already got generic scan reports and want something deeper.
What I bring is the angle that tools and LLMs still miss: access control flaws, broken business logic, chained vulnerabilities. The messy human stuff that doesn't show up in automated scans.
Every engagement comes with a clear report, properly validated severity, and a call to walk you through what I found.
Caido training
I'm an official Caido instructor. Caido is the HTTP proxy I use every day on bug bounty, and I teach teams how to use it the way I do.
The training is hands-on. We set up the tool together, I show you the workflows I actually use, and we go through real vulnerability patterns in a controlled environment. No slides with 40 bullet points. Just the tool and real things to hunt.
Available in French or English, based on your team's preference.
Good fit for:
- Security teams switching from Burp and wanting the fastest ramp-up.
- Dev and QA teams that want a proper proxy for API testing and bug triage.
- Bug bounty hunters who want to get sharper and faster.
Track record
- Top 30 on YesWeHack
- Multiple published CVEs
- 5+ years in cybersecurity, currently bug bounty full-time
- Regular writing at aituglo.com
How it works
- Send me a short brief: what you're working on, scope, timing.
- We jump on a call to align on goals and constraints.
- I send you a clear scope, timeline, and quote.
- I work. You get updates along the way, not just a report at the end.
- Debrief call, report delivery, and answers to any follow-up questions.
Get in touch
Email: [email protected]
Twitter/X: @aituglo
LinkedIn: cassimkhouani
Tell me what you're working on, the scope you have in mind, and rough timing. I'll get back to you within a couple of days.