The developer behind the code.
Background, education, and the approach that shapes every project I take on.
Where it started
I'm MD Sabbir Hosen — most clients know me as AJ Sabbir. Over the past 8+ years, I've built a career at the intersection of full-stack development and security research, working with clients both locally in Bangladesh and internationally through remote engagements.
What started as curiosity about how software actually works — not just how to make it work — turned into a specialty. I don't just write code; I study how systems fail, how legacy applications were built (and why they break), and how to close the gaps that most development timelines don't leave room for.
300+ projects, one working method
Across 300+ completed projects — spanning online freelance work and offline/local client engagements — I've maintained a 4.9/5 client rating as a top-rated freelancer on Fiverr. That consistency comes from a simple principle: understand the problem fully before writing a single line of code, and never treat security or testing as optional steps tacked on at the end.
My work spans custom PHP/MySQL backend systems, modern Next.js and React frontends styled with Tailwind CSS, WordPress builds for businesses that need speed to market, and e-commerce platforms that need to be both functional and trustworthy from day one.
A different kind of technical background
Alongside client work, I'm currently completing a BSc (Honours) in History at the University of Rajshahi. It's an unusual pairing with software development, but it's been genuinely useful — historical research trains you to interrogate sources, trace cause and effect, and resist taking things at face value. Those are the same instincts I rely on when reverse engineering an undocumented codebase or investigating a security incident: don't assume, verify.
I'm also currently learning German (A2 level) alongside fluent English and native Bengali, which has been valuable in expanding the range of clients and collaborators I can work with directly.
How I approach security
I treat security as a first-class part of development, not a separate discipline bolted on afterward. Every application I build gets the same scrutiny I'd apply in a dedicated security audit: input validation, prepared statements, proper session handling, and a mindset that assumes an attacker is already looking. When clients bring me an existing application, the first thing I do is look for what's already broken — because in my experience, there almost always is something.