Tech Lead @ EY · 5+ yrs VAPT across web, API, mobile & cloud
3 CVEs published · AI security automation · OSCP candidate
450+ security assessments delivered
Published CVEs discovered through responsible disclosure in production frameworks — from SQL injection to authentication bypass.
🔬 My research focuses on web application security, authentication mechanisms, and input validation flaws. I've identified critical vulnerabilities in widely-used CMS and web frameworks, with a growing interest in AI/LLM security and cloud security misconfigurations. All findings were responsibly disclosed and patched by the respective vendors.
search parameter — findByWhereClause function directly incorporated untrusted inputs into SQL statements.Deep dives into vulnerability research, exploitation techniques, and security analysis — published on Medium.
findByWhereClause function and the inadequate CheckValueForInjection safeguard.Battle-tested across 450+ assessments — from mobile instrumentation to cloud security reviews.
From IT infrastructure to enterprise security leadership.
Security tools and utilities I've built for the community.
Live hosted tools available on subdomains.