Leonardo Criollo — Xalapa, Mexico

Backend developer.
Security-minded.

I build reliable backend systems and care about getting the details right. From authentication to deployment.

About

I work in Java and Node.js, primarily on backend services and REST APIs. My background spans microservices, relational databases, and DevOps infrastructure. I have a particular interest in application security. I've applied OWASP standards in production and have hands-on experience with penetration testing tooling.

I'm also a published researcher. My undergraduate thesis became a peer-reviewed literature review on the security of LLM-generated code, published in Programming and Computer Software (Springer, 2025).

Currently

Microservices developer at GDC Systems México, working on a POS platform for Chedraui. I implemented an authentication module with argon2id password hashing (OWASP ASVS compliant), RBAC with JWT, and reduced worst-case authentication latency from ~7 seconds to ~1.8 seconds through parallel history verification.

Projects

algusto work in progress

A recipe finder built around what's in your kitchen. Give it your available ingredients and it returns only recipes you can actually make, no substitutions assumed. Spring Boot 4, JPA, tested with Mockito and DataJpaTest.

Java 25 Spring Boot 4 PostgreSQL Docker

github.com/ctr305/algusto →

Research

Programming and Computer Software — Springer, Vol. 51, 2025

State of the Art of the Security of LLM-Generated Code: A Multivocal Literature Review

Reviewed ~2,800 peer-reviewed studies across IEEE, ACM, ScienceDirect, and Springer. Identified 7 vulnerability categories and 6 mitigation strategies for LLM-assisted development, including persona-based prompting and CWE-focused iterative repair.

doi.org/10.1134/S0361768825700446 →

Stack

Java Spring Boot Node.js Fastify PostgreSQL MySQL Redis Docker Jenkins Nginx Linux OWASP Burp Suite Metasploit

Contact