Application Security Consultant | Pentester | Tool Builder

I build tools and automation for application security, with a particular focus on Veracode platform integrations and security tooling. My work spans from fun work with LEDs, to MCP servers, security libraries and pentesting automation.

• veracode-mcp - MCP Server for Veracode integration ⭐
• veracode-skills & veracode-agents - Skills and agents for Veracode automation for the MCP
• cwe-advisor - A Skill for educating developers about CWE vulnerabilities and guiding remediation, with language-specific guidance (Java, Python, JavaScript, C#, PHP, Perl) organised by CWE ID
• veracode-compensating-controls - A Skill for managing compensating controls for Veracode findings
• veracode-pipeline-results - A Skill for working with Veracode Pipeline results (includes Python scripts)
• veracode-local-sca-results - A Skill for working with Veracode Local SCA results (includes Python scripts)
• veracode-tui - Terminal User Interface for Veracode (Go)
• vulnerability-hunting-pipeline - Large-scale GitHub security searches to feed into SAST scanners (Python)
• security-headers-checker - Score security headers including COOP/COEP (JavaScript)

• Dipsy.Security.MemoryProtection - Runtime memory protection for sensitive strings (C#)
• Dipsy.Security.Ldap - LDAP encoding library (C#)

• threadfun - Thread idioms reminders (Win32 C/Go/C#)
• FlawFixingGuidance - My notes from a couple decades of fixing security issues
• PentestingNotes - Organized pentesting notes
• streamdeck-big-clock - Stream Deck plugin (TypeScript)
• disneyland-railroad-simulator - Arduino controller software for WS2812 LEDs, set up for a Disneyland Railroad map. Includes ReactJS representation (C/JS)
• polymarket-monitor - Detects potential insider trading on Polymarket by scoring wallet behavior, tracking known insiders, and alerting on cluster activity (Python)

Languages:   Go | C# | Python | JavaScript/TypeScript | C | PowerShell
Focus:       Application Security | Security Automation | Pentesting
Tools:       Veracode | MCP | Terminal UI | Security Analysis

🎯 Arctic Code Vault Contributor | 🦈 Pull Shark | ⭐ Starstruck | 🎲 YOLO

• 🐘 Mastodon: @BranMacMuffin@ioc.exchange
• 🦋 Bluesky: @branmacmuffin.bsky.social
• 💼 GitHub: You're already here!

Helping folks build secure software, one commit at a time