Authentication & Identity Security

Tom Stacy

@cctbp  ·  Security Researcher

I specialize in authentication and session flows in modern web applications and identity providers.

I hunt the seams — where theory, implementations, and business logic collide.

Login & Registration
MFA & Passwordless
OAuth 2.0 / OIDC
SAML
Session Lifecycle
Cross-App Auth
Cross-Tenant Edge Cases
Admin vs User Boundaries
Identity Providers
Business Logic Flaws
Research Notes & Writeups

The Auth Lab

Deep dives into authentication edge cases, session logic failures, and reproducible exploit scenarios.

Get in touch

Available for consulting, security reviews, and research collaboration focused on authentication and identity systems.

PGP Public Key