sashasol.com is the personal cybersecurity services and rΓ©sumΓ© site of Oleksandr Soludchyk, positioned around Offensive Security and Application Security Engineering. The site highlights experience across Web/API penetration testing, bug bounty work, secure backend development, and DevSecOps. It also notes 20+ paid vulnerability disclosures on HackerOne and Intigriti, involving programs such as Epic Games, NestlΓ©, and Deliveroo.
The offering is closer to consulting-led application security services than a standardized security product. Capabilities include Web/API/mobile application penetration testing, OWASP Top 10 and CWE reviews, OAuth misconfiguration assessment, DOM XSS, business logic vulnerabilities, WAF bypass, threat modeling, secure code review, and more. Delivery appears to be mainly remote or project-based consulting, with the ability to embed SAST/DAST/SCA into CI/CD. The site mentions Snyk, SonarQube, CycloneDX, GitHub Actions, GitLab CI, secret scanning, policy enforcement, and container image hardening.
The website does not disclose a pricing model, packages, payment methods, SLA, response times, or formal compliance certifications, so commercial procurement would require direct discussion. Support appears to be centered on individual consulting, bug bounty collaboration, security training, and project delivery. It is suitable for well-scoped testing, code review, and security process building; however, if you need 24/7 managed detection and response, compliance-backed assurance, or a large-scale delivery team, the publicly available information is currently insufficient.
A key strength is the close combination of AppSec, OffSec, and backend development experience, which should help in understanding real-world engineering environments such as .NET, Node.js, Java/Spring, AWS, and Azure. The background also suggests practical experience with business logic issues and authentication/authorization flaws that automated scanners often miss. The main drawback is that the site feels more like a personal homepage: it lacks details on team size, customer case studies, sample reports, contract terms, and certifications, leaving limited verifiable material for enterprise procurement.
It is best suited for small and midsize teams, product engineering teams, startups, or overseas projects that need Web/API security assessments before launch, OAuth audits, CI/CD security gate implementation, or developer training. Access and payment information for users in China is not stated, so this remains unknown. If local compliance, Chinese-language delivery, and domestic payment options are required, Chinese alternatives such as DBAPPSecurity, NSFOCUS, Venustech, and Qi An Xin may be worth considering. For international bug bounty and penetration testing platforms, it can be compared with HackerOne Services, Intigriti, Cobalt, and Bishop Fox.
β This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on sashasol.com official site.
sashasol.com is an Ukraine Cybersecurity provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of Workable. Click "Visit Official Site" to reach sashasol.com directly.