Career Portfolio

Cybersecurity

Exploring offensive security and ethical hacking with a focus on web application penetration testing. I approach security from a builder's perspective — understanding how applications are constructed helps identify where they can break.

Penetration Testing

Hands-on offensive security · CTF labs · structured methodology

Web Application Penetration Testing

2024 — Present

Featured
Situation

Organizations commonly have web application vulnerabilities that automated scanners miss, requiring manual penetration testing expertise to uncover.

Task

Identify and responsibly report security vulnerabilities in web applications through systematic reconnaissance, testing, and exploitation techniques.

Action

Utilized Burp Suite for traffic interception and manipulation, wrote custom Python scripts for automated reconnaissance, and applied OWASP Top 10 methodologies for structured vulnerability assessment across authentication, injection, and access-control surfaces.

Result

Earned the Coursera Cybersecurity specialization and consistently apply the learned techniques in structured lab environments and real-world programs.

Burp Suite · Python · OWASP Top 10 · Web Recon · Manual Testing

CTF Competitions & Practice Labs

2023 — Present

Situation

Continuous skill development in offensive security requires hands-on practice beyond certifications and courses.

Task

Regularly participate in Capture The Flag competitions and practice on hands-on training platforms to sharpen reconnaissance, exploitation, and post-exploitation skills.

Action

Practiced web exploitation challenges focused on XSS, SQL injection, SSRF, IDOR, and authentication bypasses. Used tools like Nmap, Gobuster, FFuf, and custom Python scripts in TryHackMe and HackTheBox environments.

Result

Built a growing offensive security skill set with practical understanding of common vulnerability patterns and their remediation strategies.

CTF · TryHackMe · HackTheBox · XSS · SQLi · SSRF · Gobuster

Bug Bounty

Responsible disclosure · real-world targets · PoC write-ups

Responsible Disclosure Programs

2024 — Present

Featured
Situation

Companies running public responsible disclosure or bug bounty programs have large attack surfaces that benefit from community security researchers.

Task

Systematically test in-scope web targets for real-world vulnerabilities following program rules; document and report findings professionally.

Action

Performed black-box web application testing covering IDOR, broken access control, authentication flaws, and business logic bugs. Documented every finding with PoC steps, impact assessment, and CVSS scoring. Submitted reports through HackerOne and direct disclosure channels.

Result

Actively building a responsible disclosure track record; write-up documents attached for each submitted finding.

HackerOne · IDOR · CVSS · PoC Writing · Responsible Disclosure

Write-up Reports

3 reports
High

IDOR — Unauthorized Access to User Data

HackerOne · Redacted Program · 2024
N/A · Pending

Medium

Broken Access Control — Admin Endpoint Exposure

Direct Disclosure · Redacted Program · 2024
N/A · Pending

Medium

Stored XSS — Persistent Script Injection

HackerOne · Redacted Program · 2024
N/A · Pending

Program names redacted per responsible disclosure guidelines