Principal Researcher

Avraham Shemesh

Self-taught developer who shipped his first SaaS at 16. Built and sold a secure internet café business. Transitioned from product engineering to web penetration testing to security research — each step driven by the same instinct: understand how the system works, then find where the design diverges from behavior.

26 WordPress CVEs through Wordfence. VDPs including cable provider paywall bypasses. Web Application Security Architect specializing in SSDLC.

Avraham sets the principle-based mindset that defines how SnailSploit researches. Every finding traces to an underlying principle. Because he comes from building software, he knows where in the development lifecycle each bug should have been caught.

Focus

Web & application security · Cloud infrastructure · SSDLC · Principle-based vulnerability research

Receipts

26 CVEs · WordPress ecosystem research · Cable paywall VDPs

Writing

2026-05-19 · SSDLC

Atomicity as a Security Control — The All-or-Nothing Rule

Atomicity is a security control, not just a database feature. How partial transactions become exploitable inconsistencies — and where in the SSDLC to catch them.

LinkedIn ↗Wordfence profile ↗GitHub ↗