Muhammad Daffa is a vulnerability researcher and experienced bug hunter based in Surabaya with seven years of hands-on security work across private, public, and freelance engagements. He investigates 0-day and N-day vulnerabilities at spiderSilk while maintaining an active HackerOne presence (Reputation: 637) and a track record of meaningful reports to companies like Automattic, Valve, and MariaDB. His background includes penetration testing for educational and government organizations, infrastructure work for a large city admissions system, and teaching cybersecurity courses—demonstrating both practical and instructional strengths. Comfortable bridging offensive research and operational security, he produces thorough pentest reports and early-warning disclosures that help teams remediate risks before exploitation. Notably, he pairs deep technical testing with deployment and monitoring experience (Nginx, MySQL, Grafana/Prometheus), giving him a broader systems perspective than many vulnerability specialists.
7 years of coding experience
1 year of employment as a software developer
Informatics Engineering, Informatics, 3.73, Informatics Engineering, Informatics, 3.73 at Institut Teknologi Sepuluh Nopember (ITS)
Contributions:34 commits, 13 PRs, 152 pushes in 2 months
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Muhammad Daffa - Vulnerability Researcher at Freelance