Advanced Web Application Penetration Testing
WEB · CYBER SECURITY
Performed in-depth manual and automated penetration testing on real-world
web applications. Identified and validated critical vulnerabilities including
SQL Injection, Stored & Reflected XSS, CSRF, IDOR, Authentication Bypass,
and Access Control flaws. Prepared detailed vulnerability reports with
CVSS scoring and remediation guidance.

DVAT (Damn Vulnerable Android Application) Security Testing
ANDROID · MOBILE SECURITY
Conducted security assessment of the DVAT Android application to identify
common mobile security issues such as insecure data storage, improper
platform usage, hardcoded credentials, insecure API communication,
and broken authentication mechanisms.

Domain Enumeration & Reconnaissance
RECON · OSINT · NETWORK
Performed comprehensive domain enumeration and reconnaissance to map
attack surfaces using passive and active techniques. Identified subdomains,
DNS records, IP ranges, open ports, and exposed services using tools such as
Subfinder, Amass, Nmap, and custom scripts.