Steven Floresca

Steven Floresca

A.K.A

MEEPMERP

I'm a Senior Offensive Security Researcher with over 10 years of experience finding vulnerabilities in web applications, networks, mobile apps, and APIs.

My security research has led to successful vulnerability discoveries and responsible disclosures with major organizations including X (formerly Twitter), NASA, World Health Organization (WHO), United Nations (UN), Red Bull, Starbucks, NordVPN, Bitwarden, and various U.S. Department of Defense entities, among many other organizations.

I spent 6 years in the Philippine banking industry at Metropolitan Bank & Trust Company (Metrobank), where I led the Offensive Security Team from 2023 to 2025. Currently, I'm working as a Elite Web Application Security Specialist for a North American banking institution.

When I'm not hunting for vulnerabilities, you'll find me coding side projects, gaming, traveling to new places, or behind the camera capturing moments. I believe this blend of technical precision and creative thinking helps me spot security issues others might miss.

GIAC Web Application Penetration Tester (GWAPT)
GWAPT Badge

The Global Information Assurance Certification (GIAC) program is a leading provider and developer of Cyber Security Certifications.

Authenticate
Certified Red Team Analyst (CRTA)
CRTA Badge
100% Score Exam

Certificate is earned by completing the CyberWarFare Labs Red Team Analyst Course and successfully passing the 6 hours practical examination.

Authenticate
SecOps Group Certified AppSec Pentester (CAPen)
CAPen Badge
Awarded with MERIT Score

Certification created by The SecOps Group. Candidates have to prove their knowledge on application pentesting in practical exam.

Authenticate
SecOps Group Certified Network Pentester (CNPen)
CNPen Badge
Awarded with MERIT Score

Intermediate-level exam to test candidate's knowledge on core concepts of network security and practical pentest skills.

Authenticate
SANS542 GIAC Coin Holder
SANS Coin Badge

SANS Challenge Coins: The Ultimate Recognition to Elite Cybersecurity Professionals

Authenticate
Coming Soon

Certification On progress..

Companies I've Hacked

Contributing to security through responsible disclosure

NASA

National Aeronautics and Space Administration - Received Letter of Appreciation for vulnerability disclosure.

World Health Organization

Global health agency - Received recognition for security contribution.

U.S Department of Education

Federal agency - Received official recognition for vulnerability report.

X (Twitter)

Social media platform serving millions worldwide.

Starbucks

Global coffee company with high security standards.

NordVPN

Leading VPN service for speed and security.

Red Bull

Red Bull is the most popular energy drink brand with a market share of 43%, and the third most valuable soft drink brand.

iGraal

Online cashback, deals and coupons platform founded in 2006, operating in France, Germany, Spain, and Poland.

The Coca-Cola Company

American multinational corporation founded in 1892 that manufactures, sells and markets soft drinks worldwide.

Bitwarden

Open source password management solutions.

A.S. Watson Group

World's largest health and beauty retail group.

Smartsheet

Enterprise work management platform.

YouPorn

Adult entertainment platform.

FormAssembly

Web form builder and data collection platform.

Pornhub

Adult entertainment platform.

Acknowledgments for contributions to private programs and more are kept confidential.

Endorsements

From people who trust in my work

"During our time working together at ePLDT, I had the pleasure of witnessing Steven's exceptional adaptability and continuous pursuit of learning. His ability to quickly adapt to new situations and technologies, combined with his eagerness to learn and grow, made him a valuable asset to our team. Steven's dedication to staying ahead of the curve in the ever-evolving field of cybersecurity is truly commendable."

Lloyd Lexter G.
Offensive Security Officer PIPA | C-AI/MLPen | CPTA | eCTHP | Security+ | BTL1 | CRTO | CRTP | OSCP | eJPT

"I had the privilege of working alongside Steven Floresca on a project focused on web application penetration testing, and I was truly amazed by his proficiency and knowledge in this field. Steven displayed an extensive grasp of web application vulnerabilities, successfully identifying and exploiting weaknesses that had been overlooked by others."

Reymark A.
Penetration Tester GIAC GPEN | CNPen | CAPen

"I had the opportunity to learn a great deal about penetration testing and information security while working with Steven. His diverse experience significantly contributed to the success of our team and enhanced the quality of our engagements. Steven consistently demonstrated deep expertise and excellence in both his technical work and his people management skills. What truly sets him apart, though, is his generosity in sharing knowledge—he’s always willing to teach and support his colleagues. He is a perfect example of a leader in a penetration testing team."

Nicolson I.
Offensive Security Officer eWPT | eJPT | C-AIPen | CAPen | CNPen | ECE

Get In Touch

For recommendations or collaboration, don't hesitate to reach out