VAPT & WAPT
6+ years leading 100+ real-world projects, identifying critical vulnerabilities in complex enterprise networks and web applications.
What I deliver
- End-to-end black/grey/white box assessments
- OWASP Top 10 + business logic flaws
- Detailed remediation roadmaps with CVSS scoring
- Retesting & secure-SDLC integration
Selected engagements
Sanitized highlights from real client work — approach, the bug we found, and the fix shipped. Names redacted under NDA.
Tier-1 fintech web-app pentest — uncovered IDOR chain leaking 1.2M customer records; full remediation shipped in 14 days
Pan-India bank internal network VAPT — domain admin via NTLM relay + ADCS ESC8, full re-test passed clean
Healthcare HIPAA grey-box WAPT across 18 portals — 47 high/critical findings closed pre-audit
SaaS pre-IPO WAPT — broke SSO via SAML signature wrapping; helped close Series-D security diligence
Telecom external surface assessment — 230+ subdomains, 9 critical RCEs reported via responsible disclosure
Top bugs I hunt — and the steps
The recurring weaknesses I see in this domain, with the repeatable workflow I run from discovery to fix.
IDOR (Insecure Direct Object Reference)
- STEP 1Map authenticated endpoints with Burp + identify object IDs (UUIDs, sequential ints)
- STEP 2Swap IDs across two test accounts and replay requests
- STEP 3Confirm cross-tenant data exposure and measure blast radius
- STEP 4Fix: server-side authorization check tied to session user on every object access
SQL Injection
- STEP 1Fuzz parameters with sqlmap + manual payloads (UNION, time-based, boolean)
- STEP 2Identify DBMS + extract schema and sample rows as PoC
- STEP 3Verify privilege boundary — can attacker reach OS via xp_cmdshell / load_file
- STEP 4Fix: parameterized queries + least-privilege DB user + WAF as defence-in-depth
Broken Authentication / JWT Flaws
- STEP 1Inspect JWT headers for alg=none, weak HS256 secret, kid path traversal
- STEP 2Attempt token forgery + replay across accounts
- STEP 3Test password reset, MFA bypass and session fixation paths
- STEP 4Fix: enforce strong alg, rotate signing keys, bind sessions to device