Vulnerability Researcher | Application Security Engineer | SAST • DAST • SCA | Web/API Security | Security Automation | Python | Bug Bounty Hunter
Vulnerability Researcher | Application Security Engineer | SAST • DAST • SCA | Web/API Security | Security Automation | Python | Bug Bounty Hunter
I am a Cybersecurity Engineer specializing in Application Security, vulnerability research, and secure backend development. I secure production systems, identify and remediate critical security flaws, and build scalable applications with security embedded by design. My work spans OWASP Top 10, API Security, Server Hardening, and Python-Based Automation.
My Findings
Getting your first valid vulnerability report is a milestone every security researcher remembers. This post documents my journey of discovering a real-world DOM-based XSS in a production chatbot—not focusing on payloads or exploits, but on how to think, what to observe, and how small client-side mistakes can lead to serious security issues. This was my first step from learning theory to finding real impact.
CAPTCHA is often treated as a security control, but missing or weak CAPTCHA configuration does not always result in a valid vulnerability. This post explores how such misconfigurations are identified during testing, why they are frequently classified as informational, and what additional impact is required for them to matter in real-world security assessments.
Logout Without Revocation: A Session Token Analysis 👇
A practical security analysis of session management in a fintech API, exploring what happens when an access token remains valid after logout. This write-up breaks down the testing methodology, observed behavior, and key lessons learned in evaluating authentication and token revocation mechanisms.
Burp Suite
OWASP ZAP
Nmap
Nessus
Metasploit
Wireshark
OWASP Top 10
API Security
Threat Modeling
Server Hardening
Log Analysis
Reconnaissance
Vulnerability enumeration
Exploitation basics
Python-based automation
Python
JavaScript
C
Java
Bash
PHP
Assembly
Django, FastAPI, Flask
Docker
Git & GitHub Actions
Nginx
Linux (Debian, Arch)
SSH
MySQL
PostgreSQL
MongoDB
Securing web and API-driven applications
Vulnerability assessment and exploit analysis
Linux server hardening and infrastructure security
Security automation and backend engineering in Python