Leonardo Criollo — Xalapa, Mexico
Backend developer.
Security-minded.
I build reliable backend systems and care about getting the details right. From authentication to deployment.
About
I work in Java and Node.js, primarily on backend services and REST APIs. My background spans microservices, relational databases, and DevOps infrastructure. I have a particular interest in application security. I've applied OWASP standards in production and have hands-on experience with penetration testing tooling.
I'm also a published researcher. My undergraduate thesis became a peer-reviewed literature review on the security of LLM-generated code, published in Programming and Computer Software (Springer, 2025).
Currently
Microservices developer at GDC Systems México, working on a POS platform for Chedraui. I implemented an authentication module with argon2id password hashing (OWASP ASVS compliant), RBAC with JWT, and reduced worst-case authentication latency from ~7 seconds to ~1.8 seconds through parallel history verification.
Projects
A recipe finder built around what's in your kitchen. Give it your available ingredients and it returns only recipes you can actually make, no substitutions assumed. Spring Boot 4, JPA, tested with Mockito and DataJpaTest.
github.com/ctr305/algusto →
Research
Programming and Computer Software — Springer, Vol. 51, 2025
State of the Art of the Security of LLM-Generated Code: A Multivocal Literature Review
Reviewed ~2,800 peer-reviewed studies across IEEE, ACM, ScienceDirect, and Springer. Identified 7 vulnerability categories and 6 mitigation strategies for LLM-assisted development, including persona-based prompting and CWE-focused iterative repair.
doi.org/10.1134/S0361768825700446 →