Back to portfolio
Specialized Expertise
6+ YRS · 100+ PROJECTS

VAPT & WAPT

6+ years leading 100+ real-world projects, identifying critical vulnerabilities in complex enterprise networks and web applications.

What I deliver

  • End-to-end black/grey/white box assessments
  • OWASP Top 10 + business logic flaws
  • Detailed remediation roadmaps with CVSS scoring
  • Retesting & secure-SDLC integration
⟩ real-world projects

Selected engagements

Sanitized highlights from real client work — approach, the bug we found, and the fix shipped. Names redacted under NDA.

01

Tier-1 fintech web-app pentest — uncovered IDOR chain leaking 1.2M customer records; full remediation shipped in 14 days

02

Pan-India bank internal network VAPT — domain admin via NTLM relay + ADCS ESC8, full re-test passed clean

03

Healthcare HIPAA grey-box WAPT across 18 portals — 47 high/critical findings closed pre-audit

04

SaaS pre-IPO WAPT — broke SSO via SAML signature wrapping; helped close Series-D security diligence

05

Telecom external surface assessment — 230+ subdomains, 9 critical RCEs reported via responsible disclosure

⟩ common vulnerabilities & how I find them

Top bugs I hunt — and the steps

The recurring weaknesses I see in this domain, with the repeatable workflow I run from discovery to fix.

01

IDOR (Insecure Direct Object Reference)

High
  1. STEP 1Map authenticated endpoints with Burp + identify object IDs (UUIDs, sequential ints)
  2. STEP 2Swap IDs across two test accounts and replay requests
  3. STEP 3Confirm cross-tenant data exposure and measure blast radius
  4. STEP 4Fix: server-side authorization check tied to session user on every object access
02

SQL Injection

Critical
  1. STEP 1Fuzz parameters with sqlmap + manual payloads (UNION, time-based, boolean)
  2. STEP 2Identify DBMS + extract schema and sample rows as PoC
  3. STEP 3Verify privilege boundary — can attacker reach OS via xp_cmdshell / load_file
  4. STEP 4Fix: parameterized queries + least-privilege DB user + WAF as defence-in-depth
03

Broken Authentication / JWT Flaws

Critical
  1. STEP 1Inspect JWT headers for alg=none, weak HS256 secret, kid path traversal
  2. STEP 2Attempt token forgery + replay across accounts
  3. STEP 3Test password reset, MFA bypass and session fixation paths
  4. STEP 4Fix: enforce strong alg, rotate signing keys, bind sessions to device
⟩ arsenal

Tools & frameworks

Burp Suite Pro
Web Security
Nessus
Vulnerability Scanner
Nmap
Network Scanning
Metasploit
Exploitation Framework
Nuclei
Template Scanner
OWASP ZAP
Web Proxy Scanner
Acunetix
Web Vulnerability Scanner
SQLMap
SQL Injection
Wfuzz
Web Fuzzer
Dirsearch
Path Discovery
Gobuster
Directory Brute Force
Wappalyzer
Tech Fingerprinting
ffuf
Web Fuzzing
httpx
HTTP Toolkit
Subfinder
Subdomain Discovery
Amass
Subdomain Recon
Katana
Web Crawler
Nikto
Web Server Scanner
Hydra
Password Brute
Hashcat
GPU Cracking
⟩ engage

Need vapt & wapt expertise?

Get in touch
⟩ related

More in Specialized Expertise