The Deceptive Nature of Cyber Criminals
Exploring the psychological tactics and sophisticated methods used by cybercriminals to exploit human vulnerabilities and bypass security measures.
I am Sherman Davis, an Application Security professional with extensive experience in cybersecurity across multiple roles, specializing in comprehensive security frameworks, team leadership, and advanced penetration testing for web and mobile applications.

Dynamic and results-driven Application Security professional with extensive experience in cybersecurity across multiple roles. Skilled in developing and implementing comprehensive security frameworks and engagement models to address technical, process, and operational security needs.
Proven expertise in leading teams, conducting technical security consultancy, managing complex projects, and performing both dynamic and static testing for mobile and web applications. Demonstrates strong leadership in driving cybersecurity awareness through thought leadership articles.
Real-world security challenges solved through strategic analysis and implementation
Conducted a penetration test on a loan company website and successfully identified high-impact vulnerabilities such as OTP bypass, IDOR, malicious file upload, user enumeration, and session management weaknesses. The assessment demonstrated the real-world risks of account takeover and data exposure, and delivered remediation recommendations that the client implemented to strengthen their application security posture.
The organization’s web application exhibited multiple critical vulnerabilities, posing significant risks of non-compliance with data privacy regulations.
Conducted comprehensive penetration testing across all applications, implemented security framework, and worked directly with development teams to remediate vulnerabilities using secure coding practices.
Secured a school management application serving over 10,000 students and staff, identifying and remediating critical security flaws before public release.
Pre-launch security assessment revealed critical vulnerabilities including insecure data storage, weak authentication mechanisms, and Open Redirect vulnerabilities.
Performed dynamic analysis of the application, identified OWASP Mobile Top 10 vulnerabilities, and provided detailed remediation guidance with secure implementation examples.
Transformed API security infrastructure for a financial services company, protecting sensitive customer data and preventing unauthorized access across distributed services.
Multiple RESTful APIs lacked proper authentication, rate limiting, and input validation, exposing sensitive data and creating potential for data breaches and service disruption.
Conducted comprehensive API penetration testing, implemented OAuth 2.0 authentication, established rate limiting, and created secure API development guidelines for the engineering team.
Exploring the latest trends and techniques in mobile application penetration testing, including dynamic and static analysis methodologies. (Coming soon)
Comprehensive guide to API penetration testing and securing RESTful services in modern web applications. (Coming soon)
Ready to strengthen your organization's cybersecurity posture? I'm here to help you implement robust security measures and protect your digital assets with my extensive experience in application security.