About Patrik Grobshaeuser
Security Engineer at Shopify. Background in bug bounty hunting, triage management at HackerOne, and hands-on application security testing.
Background
Before starting WSS, I managed Shopify's bug bounty program and led HackerOne's EMEA triage team. I've worked both sides — finding bugs and managing the intake of thousands of vulnerability reports. That background shapes how I approach testing: realistic scenarios, clear impact, and reports that developers can actually act on.
What I Do
Application Security
Security testing of web and mobile applications. I focus on business logic flaws, authentication issues, and the kind of bugs automated scanners won't catch.
Penetration Testing
Manual penetration testing that goes beyond running tools. I simulate real attack paths and document findings with clear severity ratings and fix guidance.
Bug Bounty Consulting
Advice on setting up and running bug bounty programs. I've managed triage operations at HackerOne and built Shopify's program — I know what works and what wastes budget.
Bug Bounty Platforms
3,600+
reputation
Top 100
on Bugcrowd
Top 30
on Intigriti
Talks & Research
Nahamcon 2021 — Amassive Leap in Content Discovery
Talk on using OWASP Amass for content discovery and attack surface mapping.
Troopers 2016 — Security Evaluation of Dual-Stack Systems
Research on security gaps in IPv4/IPv6 dual-stack deployments.
Master's Thesis — iOS Security Research
Auditing iOS-based consumer diagnostic systems, focusing on OBD-II dongle security.
IPv6 Security Analysis
Comparative analysis of IPv4 and IPv6 security policies across 58,000 dual-stacked domains.
Media
Bayerischer Rundfunk – Puls — Featured expert on "Muss ich Angst vor Hackern haben?"
Heise Security — Published research on vulnerabilities in German financial institutions.
Admin Magazine — Published guide on SQL Injection techniques.