I’m an application security researcher and tool developer who treats security as a product feature. I hunt vulnerabilities through bug bounties, run intensive fuzzing campaigns, and build automation to catch flaws earlier in the pipeline. I’m exploring AI-assisted triage and detection to scale secure development across teams. Always open to collaborating on tooling, audits, or POCs.
🔍 Focus: Crushing app vulnerabilities, hunting bugs and automating security testing.
🛠️ Current Project: AuthMutator — Burp Suite extension for experimenting with authentication issues and attack simulations.
🌱 Learning: Game Hacking — exploring memory manipulation, cheat detection, and reverse engineering.
🤝 Collaborating On: Open-source tooling for CI/CD security and automated app-sec workflows.
💡 Fun Fact: I once found a critical bug at 3 AM fueled by coffee and sheer curiosity — caffeine + curiosity = 🔥.
I actively hunt for security flaws and share my findings responsibly. Here are a few notable vulnerabilities I've uncovered:
- CVE-2024-40422 – Path Traversal in DEVIKA-AI. Details
  This vulnerability allowed attackers to access sensitive files on the server, highlighting the importance of strict input validation in AI platforms.
- CVE-2022-54321 – SQL Injection in an E‑Commerce CMS. Details
  A classic SQL injection flaw that could expose customer data. It reinforced my focus on automating detection of injection issues in web applications.
- CVE-2020-35241 – Cross-site Scripting in FlatPress CMS. Details
  This XSS vulnerability demonstrated how even small content management systems can pose significant security risks if input is not properly sanitized.
I love sharing what I learn from my security research and bug bounty adventures. Here’s a glimpse of my recent posts:
- Uncovering Path Traversal in Devika v1: A Deep Dive into CVE-2024-40422
  I walk through how I discovered this path traversal vulnerability in Devika v1, the risks it posed, and the steps I took to mitigate it.



