Security Researcher | Bug Hunter | Full Stack Developer
I am a Cybersecurity Engineer specializing in Application Security, vulnerability research, and secure backend development. I secure production systems, identify and remediate critical security flaws, and build scalable applications with security embedded by design. My work spans OWASP Top 10, API Security, Server Hardening, and Python-Based Automation.
My Findings
Getting your first valid vulnerability report is a milestone every security researcher remembers. This post documents my journey of discovering a real-world DOM-based XSS in a production chatbot, not focusing on payloads or exploits, but on how to think, what to observe, and how small client-side mistakes can lead to serious security issues. This was my first step from learning theory to finding real impact.
CAPTCHA is often treated as a security control, but missing or weak CAPTCHA configuration does not always result in a valid vulnerability. This post explores how such misconfigurations are identified during testing, why they are frequently classified as informational, and what additional impact is required for them to matter in real-world security assessments.
Logout Without Revocation: A Session Token Analysis
A practical security analysis of session management in a fintech API, exploring what happens when an access token remains valid after logout. This write-up breaks down the testing methodology, observed behavior, and key lessons learned in evaluating authentication and token revocation mechanisms.
Securing web and API-driven applications
Vulnerability assessment and exploit analysis
Linux server hardening and infrastructure security
Security automation and backend engineering in Python