
Gwendal Le Coguic

Independent cybersecurity expert

Email: contact@glc.st
Web: glc.st | offsec.tools
Resume: download

About

I've been developing my expertise in the web field for 25 years.

My experience was built on an initial focus on development and Linux server administration. My professional activities subsequently allowed me to specialize in web application security, both defensive and offensive.

I have worked in this capacity for several years as a consultant, auditor, and trainer. I've also had the opportunity to supervise teams of developers/auditors as a manager, as well as to address UX, SEO, and security issues.

Now as an independent expert, I offer my expertise through the following services:

  • Penetration testing (web pentest)
  • Configuration audit (Linux system)
  • Training for developers
  • Awareness training for all audiences

For any additional information, advice, or quotes, contact me by email or through one of the social media channels listed at the top of this page. I promise to respond with the responsiveness and thoroughness required by your needs.

Main experiences

 

Trainer

numerous companies

Since 2022

courses details

Creation and delivery of training in French and English

  • Bug Bounty overview: a presentation for companies who want to know more about bug bounty to make the right decision: actors, programs, reports, rewards, rules, evolution, case studies...
  • Cybersecurity awareness: strengthen your IT security, protect your data, avoid phishing and ransomware and become the security expert in your company!
  • Introduction to pentesting: learn how to find and exploit the most common vulnerabilities in web testing and other network services.
  • Hacking & web application security: 3-day course for tech people who want to learn the basic vulnerabilities of modern webapps: input validation, XSS, SQLi, passwords, cookies, tools and true stories...
  • Advanced hacking & web application security: 2 days to learn advanced vulnerabilities of modern webapps: SSRF, XXE, dependency confusion, subdomain takeover...
  • Laravel security: best practices to protect your applications based on one of the most popular PHP frameworks.
  • PHP for beginners: understand the basics of PHP: object-oriented programming, storage, data exfiltration, database and more...
  • The basics of SQL: a 2-day hands-on SQL training covering schema design, advanced queries, and performance tuning.
  • Bash scripting: a 3-day course to learn, automate, and simplify with Bash.

 

Auditor

French Ministry of Armies

February 2020 - April 2024

Audit of numerous Linux systems and web applications

  • Penetration Testing: search for known vulnerabilities, search for data leaks, simulate attacks, attempt code injections... Risk assessment and drafting of recommendations.
  • Configuration Audit: analysis of the configuration of servers and installed services, verification of compliance with ANSSI recommendations, verification of password strength...
  • Code Audit: identification of third-party libraries, search for known vulnerabilities, configuration checks, analysis of encryption methods, search for code smells and best practices checks, password research... Risk assessment and drafting of recommendations.

 

Bug Hunter

numerous companies

Since 2016

Participation in numerous Bug Bounty programs through various platforms

Companies: Uber, Yahoo, Payfit, Blablacar, MindGeek, Deliveroo, Decathlon, Swisscom, BPCE and more...

  • Information gathering
  • Exploitation, post-exploitation
  • Development of automation tools (PHP, Python, Golang, Bash)
  • Discovery of public vulnerabilities
  • Personal CVEs

Vulnerabilities: Amazon buckets, subdomain takeover, SQL injections, IDOR, XSS, CSRF, SSRF, RCE, XXE...

 

Full stack developer

Since 1999

Boursorama, Marie Claire, Hi-Media, Shopping Internet

  • Website and back office
  • Statistical tools
  • Online payment system
  • Audiotel services
  • PCI-DSS compliance
  • Specifications writing
  • Server maintenance
  • Database management
  • Project and team management

Technologies: PHP, JavaScript, HTML, CSS, Git, SVN, MySQL, PostgreSQL, SQL Server, Apache, Nginx, WordPress, Drupal, Laravel, NuxtJS, jQuery, Bootstrap...

Scholarship and certificates

Docker

2025

Human Coders

https://www.humancoders.com/

Blockchain & DApps

2024

ACADEE

https://www.acadee-formation.com/

Ansible

2024

Human Coders

https://www.humancoders.com/

Burp Suite Pro

2018

Nicolas Grégoire

https://www.agarri.fr/

OSCP

Pentesting with Kali Linux

2015

Offensive Security

https://www.offsec.com/

University degree of data processing

1999

University Institute of Technology Paris 8

Bachelor degree of electronics

1996

Professional secondary school Condorcet

Languages

  • French: native
  • English: fluent

Other activities

Besides technology, I favor physical and artistic activities, including:

  • sports: climbing, running, and strengthening.
  • exhibitions: street art and contemporary art.
 
 
 
Gwendal Le Coguic - contact@glc.st - quotes on request - SIRET 79778302400038