VAPT | API Security | Bug Bounty

Bug Hunter & API Pentester

Hands-on experience in live bug bounty programs. Skilled in OWASP Top 10, Burp Suite, and API security. Looking for a remote junior VAPT role to identify and report web vulnerabilities.

Web & API Security
XSS | IDOR | BOLA | Logic flaws

PortSwigger 35+ labs | Ethical Hacking Essentials | OWASP Top 10

Technical Arsenal

Tools, languages and frameworks I use daily

VAPT & API Security

Burp Suite, parameter abuse, BOLA, excessive data exposure, authentication bypass.

Networking & OS

HTTP/HTTPS, TCP/IP, DNS, Linux (Kali, Ubuntu), Windows environment.

Programming

Python, JavaScript, automation scripts, custom security tooling.

Writeups & Security Research

I document real-world bug bounty findings, API hacking techniques and PortSwigger lab solutions. Read my latest research on dev.to and my personal blog.

  • Exploiting IDOR in modern APIs - Step-by-step bypass techniques
  • XSS to account takeover: a real case - Bug bounty walkthrough
  • CORS misconfiguration deep dive - Tooling and detection

Certifications

  • Ethical Hacking Essentials (EHE)
  • PortSwigger Web Security Academy - 35+ labs solved
  • OWASP Top 10 practitioner

Bug Bounty Highlights

  • Reported XSS, IDOR & logic flaws on live programs
  • Clear reproducible PoCs with requests and screenshots
  • API pentesting: BOLA & excessive data exposure