Professional security assessments, penetration testing, and code audits for businesses that take their security seriously.
Targeted security services for web applications, APIs, and infrastructure. Every engagement ends with a clear, actionable report.
Comprehensive scanning and manual testing of your web applications and infrastructure. Prioritized findings with severity ratings and step-by-step remediation guidance your team can act on immediately.
Simulated real-world attacks against your systems. I think like an attacker — testing authentication flows, business logic, and API endpoints — so you can defend like a professional.
Line-by-line security analysis of your source code. Injection points, hardcoded secrets, dependency vulnerabilities, and authentication flaws — found before they reach production.
Deep testing of REST and GraphQL APIs for authorization bypasses, IDOR vulnerabilities, injection attacks, rate limiting gaps, and data exposure in responses.
One-on-one guidance for startups and small businesses. Build your security posture from scratch with plain-English recommendations and a prioritized action plan.
Security review of AI-integrated applications, MCP servers, and LLM pipelines. Prompt injection testing, data leakage analysis, and agent governance assessment.
Direct and indirect injection attacks, system prompt extraction, tool-call abuse, and jailbreak attempts. Practical mitigations — not just theoretical risk ratings.
Agent-to-agent trust boundaries, privilege escalation paths, MCP server hardening, and orchestration layer security. Built for teams deploying autonomous AI pipelines.
Active researcher on HackerOne, Bugcrowd, and Intigriti. Help your team scope a program, set up triage workflows, and think like an attacker before you go public.
Choose the package that fits your needs. Every tier includes a professional report with actionable findings.
Self-service tools and guides for teams that want to improve their security posture on their own schedule.
I'm Jesus Sandoval, founder of DeathAngel Security, based in Las Vegas, Nevada. I specialize in finding security vulnerabilities in web applications, APIs, and AI-integrated systems before malicious actors do.
I'm an active bug bounty hunter on HackerOne and maintain a security-first approach to everything I build and test. My focus is on delivering clear, actionable findings — not checkbox compliance reports that collect dust.
Every client gets direct access to me throughout the engagement. No account managers, no ticket queues, no runaround. You talk to the person doing the work.
Simple, fast, and transparent. Most engagements complete within a week.
Free 15-minute call. We define what's in scope, agree on timeline and price. No surprises.
Automated scanning plus manual testing. I look for what scanners miss — logic flaws, auth bypasses, business-layer vulnerabilities.
Professional findings document with severity ratings, proof-of-concept, and specific remediation steps your dev team can act on.
Questions after delivery? I'm here. Fixes verified at no extra charge within 30 days.
Every engagement delivers a professional security assessment report. Here's what one looks like.
15-20 pages covering executive summary, methodology, detailed findings with severity ratings, proof-of-concept screenshots, and step-by-step remediation guidance.
Ready to find out what's vulnerable? Reach out for a free initial consultation.