About me

I am an Associate Information Security Consultant specializing in Application Security and Vulnerability Assessment & Penetration Testing (VAPT), with a strong focus on web application security. My expertise includes identifying and exploiting OWASP Top 10 vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), IDOR, CSRF, authentication bypass, and access control flaws. I perform structured manual penetration testing, conduct risk impact analysis using CVSS, and provide detailed remediation guidance aligned with industry best practices. I have hands-on experience using tools such as Burp Suite, Nmap, SQLmap, AppScan 360, and Kali Linux for reconnaissance, vulnerability validation, and exploitation. I also leverage OSINT techniques for attack surface mapping and perform configuration reviews to strengthen application security posture. Currently preparing for HTB Certified Web Exploitation Specialist (CWES), I am continuously advancing my expertise in advanced web exploitation, business logic testing, and offensive application security. Based in Mumbai, India, I am passionate about strengthening cyber resilience through structured security testing and practical, risk-focused remediation strategies.

Skills & Expertise

Security Skills

Application Security

OWASP Top 10 Testing

Vulnerability Assessment & Penetration Testing (VAPT)

Authentication & Authorization Testing

Business Logic Testing

Access Control Validation

Session Management Testing

CVSS Risk Assessment

Secure Remediation Validation

Exploitation

SQL Injection

Cross-Site Scripting (XSS)

Insecure Direct Object References (IDOR)

Cross-Site Request Forgery (CSRF)

Security Misconfiguration

CORS Misconfiguration

Broken Authentication

Tools

Burp Suite

AppScan 360

Nmap

SQLmap

Metasploit

Nessus

Nikto

Wireshark

Netcat

Whois

Nslookup

Methodology

Reconnaissance & Enumeration

Manual Penetration Testing

Proof-of-Concept (PoC) Development

False Positive Validation

Risk Impact Analysis

Technical Reporting & Executive Summaries

Re-testing & Secure Closure