Application Security Engineering
A suite of five applied security engineering projects spanning web application security, mobile security, container hardening, binary exploitation, and API protection. Each project targets a distinct layer of the modern application stack through hands-on assessment, remediation, and monitoring.
The Problem
Modern applications don't have a single attack surface — they have many. A web app can be hardened while the API it talks to leaks data. A container can be locked down while the mobile client it serves has unencrypted communications. Application security engineering means understanding the full stack and knowing where each layer breaks down under adversarial pressure. These five projects were designed to build exactly that: comprehensive, layer-by-layer security intuition grounded in real remediation work.
What's Included
AI-Ready Security Assessment
- Identified and remediated 4 critical vulnerabilities (XSS, CSRF, SQL Injection, command injection) in a Django web application
- Implemented automated detection rules and security controls applicable to AI/ML API environments
Mobile App Security
- Security audit of an Android gift card application
- Fixed Intent vulnerabilities and implemented HTTPS encryption for REST API communications
- Removed privacy-invasive monitoring code
Container Security for ML Environments
- Secured containerized applications using Kubernetes
- Implemented automated monitoring with Prometheus
- Established security controls applicable to AI/ML model serving environments
Binary Security & Fuzzing
- Identified and fixed 6 buffer overflow and memory corruption vulnerabilities in a legacy C application
- Achieved 85%+ code coverage through systematic test case development using the AFL++ fuzzer
API Security & Monitoring
- Implemented comprehensive API security controls and monitoring solutions
- Established foundation for securing AI model APIs and detecting anomalous usage patterns
Impact
Across five projects, every major layer of the modern application stack was put under adversarial pressure and then fixed. From a Django app vulnerable to SQL injection, to an Android client with unencrypted API traffic, to a legacy C binary hiding buffer overflows, the through-line is the same: find the weakness, understand why it exists, and close it. The AI/ML security angle across multiple projects is particularly relevant as organizations rush to ship model-serving infrastructure without fully understanding its attack surface.
Technical Stack
- Django: web application framework for security assessment and remediation
- Burp Suite: web application testing for XSS, CSRF, SQLi, and command injection
- Android SDK: mobile application security audit and Intent vulnerability analysis
- Kubernetes: container orchestration and security hardening
- Prometheus: automated monitoring and anomaly detection for containerized environments
- AFL++: coverage-guided fuzzer for binary vulnerability discovery
- GDB: dynamic analysis and memory corruption debugging
- Python: security control implementation and monitoring automation