Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
heitorgouvea.me is the personal website of security researcher Heitor Gouvêa. The content states that the author is based in São Paulo, Brazil, has a software engineering background, and has more than 9 years of experience in the offensive security industry. His research focuses on application/service vulnerability discovery and exploit development, and he has reported vulnerabilities to organizations such as Activision, Nubank, Oracle, and D-Link. The site mainly publishes research notes rather than commercial cybersecurity products.
From a cybersecurity perspective, its value lies in offensive/defensive research and case study analysis. The crawled content prominently features a case involving Nubank’s mobile app “billing links,” which led to personal information exposure: public URLs could display names, CPF numbers, bank account numbers, and branch/institution identifiers without authentication, and could potentially be indexed by search engines or shared across social platforms. The article includes a problem description, PoC script, impact analysis, and references, making it practically useful for understanding OWASP sensitive data exposure, Google Dorking, and web scraping risks. However, it does not provide deployable protection capabilities such as WAF, EDR, vulnerability scanners, or DLP.
The content does not show any SaaS console, enterprise deployment options, alert management, API integration, or ticket-based support. Access simply consists of reading the web pages. The PoC in the article uses Perl, WWW::Mechanize, Mojo::UserAgent, and similar tools to collect search results and parse HTML, but these are research demonstration scripts rather than maintainable enterprise-grade integration solutions.
The site does not disclose subscription plans, consulting service pricing, payment methods, SLAs, or compliance certifications. As such, it should not be evaluated as a purchasable security service. If an organization needs compliance audits, penetration testing reports, or formal vendor support, it would need to separately confirm whether the author offers such services; this cannot be determined from the available content alone.
Its strengths are realistic cases and a clear technical chain, helping security teams understand how public links, search engine indexing, and lack of access control can amplify privacy risks. Its weaknesses are fragmented content, lack of productized capabilities, no Chinese localization, and no service commitments. It is suitable for vulnerability researchers, application security engineers, and fintech security teams as a reference for learning, training, and threat modeling.
The content provides no information about access from mainland China, payment options, or local support, so china_access can only be rated as unknown. If access is unstable, alternative reference sources include OWASP, PortSwigger Web Security Academy, HackerOne Hacktivity, Bugcrowd Blog, as well as Chinese-language communities such as FreeBuf and 安全客.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on heitorgouvea.me official site.
heitorgouvea.me is an Brazil Security provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of China direct-connect friendly. Click "Visit Official Site" to reach heitorgouvea.me directly.