Patrik Fehrenbach

I'm a Security Engineer at Shopify with over a decade of experience in application security and bug bounty hunting. Through WSS, I provide expert security assessments and penetration testing services to help organizations secure their digital assets.

My Journey

As the founder of WSS, I bring my extensive experience from managing Shopify's bug bounty program and my previous role as Manager of Triage Services EMEA at HackerOne. My unique perspective comes from working on both sides of the security industry - as a bug bounty hunter and as a security program manager.

Services I Offer

Application Security

In-depth security assessments of web and mobile applications, drawing from my experience finding vulnerabilities in major platforms like Google, PayPal, and Facebook.

Penetration Testing

Professional penetration testing with a focus on real-world attack scenarios and business impact, backed by my experience as a top-ranked security researcher.

Bug Bounty Consulting

Strategic guidance on bug bounty programs, leveraging my experience managing HackerOne's EMEA triage team and Shopify's bug bounty program.

Platform Recognition

HackerOne
3,600+

Reputation Points

Bugcrowd
Top 100

Global Ranking

Intigriti
Top 30

Researcher

10+

Years Experience

Speaking Engagements

Nahamcon 2021

Amassive Leap in Content Discovery

Presented innovative techniques for discovering hidden content and attack surface expansion.

Troopers 2016

Security Evaluation of Dual-Stack Systems

Deep dive into security implications of IPv4 and IPv6 dual-stack implementations.

Media & Publications

Bayerischer Rundfunk – Puls

Featured expert on "Muss ich Angst vor Hackern haben?"

Heise Security

Published research on vulnerabilities in German financial institutions

Admin Magazine

Authored comprehensive guide on SQL Injection

Notable Research

iOS Security Research

Master's thesis on auditing iOS-based consumer diagnostic systems, focusing on OBD-II dongles security.

IPv6 Security Analysis

Comparative analysis of IPv4 and IPv6 security policies across 58,000 dual-stacked domains.

Let's Secure Your Applications

Get in touch to discuss how I can help protect your digital assets.

Contact Me