Cybersecurity consulting and research for modern applications
I help developers and small businesses understand their web application risks, fix the issues that matter most, and make better security decisions without the enterprise overhead. Based in Bonn. Currently available for focused engagements.
Web Application Security · DevSecOps · Agentic Security · Penetration Testing
Services
Focused engagements built to uncover meaningful weaknesses, explain risk clearly, and help teams fix the issues that matter first.
Assessment
I look at your web application from an attacker's perspective, focusing on the flows, inputs, and trust boundaries that carry real risk. You get clear findings, explained in plain language, with concrete steps to fix what matters.
Good for: developers launching a product, small teams before a release, or anyone who wants a second pair of eyes.
Guidance
Not every team needs a full pentest. Sometimes you need someone to look at your setup, answer your questions honestly, and help you prioritize. I offer focused conversations and practical advice on web security, secure development, and what to watch out for as you build.
Good for: early-stage teams, solo developers, small businesses moving things online.
Preparation
Thinking about getting a pentest done but not sure where to start? I can walk you through what the process looks like, help you prepare your scope, understand what to expect from a report, and ask the right questions when talking to a testing provider.
Note: This is not a full pentest engagement. It is practical guidance to help you get the most out of one.
How I work
I'm Nikita, a Cybersecurity student at IU International University with a background in electrical engineering and technical project coordination. I started niwo systems to combine hands-on learning with real-world practice. Most of what I know comes from building things, breaking them in controlled lab environments, and figuring out why they broke. I work best with developers and small teams who want honest, practical security support, not fear-driven upselling or reports full of jargon nobody reads.
Engagements stay centered on the flows, trust boundaries, and actions that carry real application risk.
Testing is grounded in how modern web applications are actually attacked, not just checklist coverage.
Findings are written to be understandable, defensible, and useful to both technical and non-technical stakeholders.
Each engagement is meant to help teams fix issues with confidence, not just collect another report.