Available for new projects

ABP Framework / .NET Consulting

ABP Framework across the full stack: backend architecture, DDD boundaries, multi-tenancy, subscription systems, and microservice infrastructure, applied across 10+ distinct production systems at different scales.

Real work

Case Studies

Security Assessment Remediation

Production ABP Framework + Angular + OpenIddict system
  • Led full remediation after a third-party penetration test returned 4 critical and 6 high-severity findings
  • Delivered HttpOnly cookie auth migration, stateless HMAC-signed CSRF tokens, a CSP campaign across Stripe/hCaptcha/iframe integrations, JWT claim hygiene, and impersonation-grant dual-auth hardening
  • Classified 688 of 1,786 Swagger paths as sensitive as part of the audit

10+ Production ABP Systems

Modular monolith, microservices, and traditional monolith
  • Replaced ABP's default LeptonX theme entirely across multiple products
  • Extended ABP's subscription and permission systems beyond framework defaults
  • Designed reusable module boundaries enforced via dependency inversion, not convention alone
  • More on how I weigh these architecture calls: do you actually need microservices? →
Toolbox

Stack & Technologies

ABP Framework.NET / C#ASP.NET CoreEntity Framework CorePostgreSQLOpenIddictDDDModular MonolithMicroservicesCQRSMediatRAngularBlazor
Common questions

FAQ

What makes your ABP Framework expertise different from a general .NET developer's?

Depth across 10+ distinct production ABP systems at different scales and architectures: I've replaced the default LeptonX theme entirely, extended the subscription and permission systems beyond their defaults, and designed module boundaries enforced through dependency inversion rather than convention.

Can you review an existing ABP/.NET codebase before we commit to a direction?

Yes. Architecture reviews and codebase audits are a standalone service, independent of whether you also want implementation work.

Do you handle security assessments and remediation?

Yes. I led full remediation of a third-party pentest with 4 critical and 6 high-severity findings on a production ABP + Angular system: HttpOnly cookie migration, CSRF, CSP, JWT hygiene, and OAuth grant hardening, going well beyond patching the obvious findings.

Should we use a modular monolith or microservices?

For most products, the modular monolith is the stronger choice: it's simpler to operate, and a well-designed one handles significant traffic. Microservices earn their complexity from independent deployment and team autonomy needs, not from assumptions about future scale. I have production experience with both and can help you make that call against your actual constraints.

Need deep ABP Framework or .NET expertise?

Whether it's a review, a security remediation, or hands-on implementation, let's talk about your system.

Start a conversation →