Back in 2021, when I was a fresh graduate at Systems Limited, my great manager Ali Bandagi asked me a simple question:

“𝘕𝘢𝘫𝘢𝘮, 𝘸𝘩𝘦𝘳𝘦 𝘥𝘰 𝘺𝘰𝘶 𝘴𝘦𝘦 𝘺𝘰𝘶𝘳𝘴𝘦𝘭𝘧 𝘪𝘯 5 𝘺𝘦𝘢𝘳𝘴?”

Without overthinking it, I said:
“𝘐 𝘴𝘦𝘦 𝘮𝘺𝘴𝘦𝘭𝘧 𝘭𝘦𝘢𝘥𝘪𝘯𝘨 𝘮𝘺 𝘰𝘸𝘯 𝘵𝘦𝘢𝘮 𝘰𝘧 𝘵𝘢𝘭𝘦𝘯𝘵𝘦𝘥 𝘱𝘦𝘰𝘱𝘭𝘦 — 𝘪𝘯 𝘮𝘺 𝘰𝘸𝘯 𝘤𝘰𝘮𝘱𝘢𝘯𝘺.”

At the time, it felt like an ambitious answer from someone just starting out.

Looking back now, I’m filled with nothing but 𝗴𝗿𝗮𝘁𝗶𝘁𝘂𝗱𝗲.

Because today, that’s exactly where I am.

2025 was the year I stepped out of my comfort zone — leaving a stable role at a company many aspire to work at, and choosing to build something of my own from the ground up.

Starting Exfiltra wasn’t about taking a risk for the sake of it.

👉 It was about committing to a mission: delivering high-quality application and cloud security, built with depth, integrity, and strong fundamentals.

I’m deeply grateful to God for the opportunities, the strength, and the guidance throughout this journey.

And I’m thankful to everyone in my LinkedIn network — for the encouragement, thoughtful conversations, and trust you placed in my work this year.

Sharing this photo from my office for the first time feels like a quiet milestone.
↳ A reminder that setting clear targets matters — and that I still have much bigger goals ahead.

𝗪𝗶𝘀𝗵𝗶𝗻𝗴 𝗲𝘃𝗲𝗿𝘆𝗼𝗻𝗲 𝗮 𝗵𝗮𝗽𝗽𝘆 𝗮𝗻𝗱 𝘀𝘂𝗰𝗰𝗲𝘀𝘀𝗳𝘂𝗹 𝟮𝟬𝟮𝟲.

I’m looking forward to building more meaningful connections here in the year ahead!

I have recently shifted my small business from Zoho to completely self-hosted opensource products, and been loving it so far.

Shout out to @nextcloud @openproject @vaultwarden_releases and @suitecrm

🚨 OWASP Top 10 (2025) is here!

With some really interesting changes that every developer and security engineer should pay attention to.

For context — OWASP releases its Top 10 web vulnerability categories every 4 years, with the last version released in 2021.

Here are a few major changes this time around 👇

1️⃣ Injection going down the list
This trend makes sense — most modern frameworks now provide strong, built-in protection. Unless a developer really tries to break something, these issues are becoming less common.

2️⃣ SSRF merged into Access Control
This one’s a bit odd. I’m still digging into the reasoning behind it — feels like a stretch, but let’s see how the community interprets it.

3️⃣ A new category: Mishandling of Exceptional Conditions
This one caught my eye. It’s an interesting addition and reflects how subtle error handling flaws can have major security impact.

💡 Access Control remains the king.
Even with AI becoming incredibly capable, it still struggles to test access control properly — every app has its own roles, logic, and edge cases. I don’t see that changing anytime soon.

Now I’m curious —
👉 Do you think Business Logic Vulnerabilities will fall under this new “Exceptional Conditions” category?

Drop your thoughts in the comments — would love to hear how others interpret this year’s changes.