Hello, my name is Roman Rott!
I'm a Full-Stack Ruby developer with a strong interest in ethical hacking, penetration testing and vulnerability analysis. I have 15 years of IT experience and 8 years of experience dedicated to web development.
Ruby is my favorite when it comes to following TDD and OOP best practices, while ECMAScript and TypeScript are the best ones for front-end.
I do enjoy building everything from small OSS apps and libs, landing pages, business sites to rich interactive web apps, single page applications, etc.
I'm working remotely on web projects for clients all over the world and from time to time I take part in bug-bounty programs.
Over 9 years, I occupied different positions in different departments in a big Shared and Cloud Hosting company, IxWebhosting.com. 5 of them were in the Tech Support department and 4 in IT as a Ruby/Rails developer. There I've gained experience dealing with someone else's code, debugging it, as well as with catching security flaws and bugs.
For the last 5 years I've been working as a full-stack Ruby developer, where I've got extended experience in React, Redux, TypeScript and Svelte.
I also design and develop vulnerable applications for CTF hacking games that give an opportunity for security enthusiasts to practice their skills. Below is a portfolio that contains a list of such apps and web services.
All of these sites and services were developed using Ruby, JS/ES6, TypeScript, CoffeeScript, React, Redux, Svelte, Sinatra, Padrino and RoR frameworks. Some of them handle large amounts of traffic on a daily basis.
My Full-Stack web developer portfolio is a brief summary of the project samples that I've accomplished during the last years.
I enjoy testing websites for security vulnerabilities (both white-box and black-box) independently or on platforms like BugCrowd. I held several internal Web Application Security Assessments for the products I've been working on as a developer, preparing reports and/or fixing found bugs and issues. My interest in Ethical Hacking has resulted in dozens of found and reported security issues in such services as rubygems.org, ZeroMail, tagged.com, cater2.me, etc.
I am a member of NoNameCon 2021 core team - the Ukrainian community-built practical cybersecurity conference.
I also used to design, deploy and support vulnerable web and mobile applications for CTF hacking games organized or supported by the «Berezha Security Group» for: