Leonardo Criollo — Xalapa, Mexico
Backend developer.
Security-minded.
I build reliable backend systems and care about getting the details right — from authentication to deployment.
About
I work in Java and Node.js, primarily on backend services and REST APIs. My background spans microservices, relational databases, and DevOps infrastructure. I have a particular interest in application security — I've applied OWASP standards in production and have hands-on experience with penetration testing tooling.
I'm also a published researcher. My undergraduate thesis became a peer-reviewed literature review on the security of LLM-generated code, published in Programming and Computer Software (Springer, 2025).
Currently
Microservices developer at GDC Systems México, working on a POS platform for Chedraui. I implemented an authentication module with argon2id password hashing (OWASP ASVS compliant), RBAC with JWT, and reduced worst-case authentication latency from ~7 seconds to ~1.8 seconds through parallel history verification.
Projects
A recipe finder built around what's in your kitchen. Give it your available ingredients and it returns only recipes you can actually make — no substitutions assumed. Spring Boot 4, JPA, tested with Mockito and DataJpaTest.
github.com/ctr305/algusto →
Research
Programming and Computer Software — Springer, Vol. 51, 2025
State of the Art of the Security of LLM-Generated Code: A Multivocal Literature Review
Reviewed ~2,800 peer-reviewed studies across IEEE, ACM, ScienceDirect, and Springer. Identified 7 vulnerability categories and 6 mitigation strategies for LLM-assisted development, including persona-based prompting and CWE-focused iterative repair.
doi.org/10.1134/S0361768825700446 →