Pratham Mittal

DevOps Engineer

Sangrur, Punjab, India · 3 yrs 7 mos experience
Most Likely To Switch

Key Highlights

  • 3+ years of experience in Product Security.
  • Managed bug bounty programs for leading fintech companies.
  • Expert in Cloud Security and Application Security.
Stackforce AI infers this person is a Cybersecurity professional specializing in Application Security and Cloud Security within the Fintech sector.

Skills

Core Skills

Cloud Security · Application Security · Threat Modelling · Penetration Testing

Other Skills

Akamai · Analytical Skills · Application Security Architecture · Automation · Burp Suite · Business Logic · Cloud Security (AWS) · Computer Networking · Cybersecurity · DAST · Decision-Making · Design Review · English · Golang · Google Dorking

About

A Software Security Engineer with 3+ years of full-time experience in Product Security and an additional 6 months+ internship experience as a Security Consultant, who loves to play CTFs and do bug hunting apart from my full-time Security Engineer role to brush up my skills.

Skills:

1) Pentesting & Vulnerability Assessment: Web / Network / API / Payment Gateway / Mobile pentesting.
2) Computer Fundamentals: Linux / Operating systems / DBMS / Computer Networking.
3) Computer Languages: HTML / JavaScript / PHP / Python / Bash / C (Good) / C++ / Java (beginner to moderate).
4) Secure Code Reviews: Source Code Review / Payment Gateway integration secure code reviews (C++/Java/Python/Golang/C#).
5) Threat Modelling: Security Design Reviews / Tech Docs Reviews.
6) LLM Security: OpenAI LLM security (Threat modelling & pentesting).
7) Cloud Security (AWS): Reviewing all policies and security checks to make sure cloud infrastructure and services are secure and compliant with industry standards.
8) Training & Knowledge Sharing: Trained interns and open to guiding students who want to shift into cybersecurity.

I love listening to songs, watching movies, exploring new places, Mathematics, solving Puzzles & Aptitudes as well. Let's connect if you want to know more about what I do or if my profile seems interesting or suitable to you.

Experience

Amazon

2 roles

Application Security Engineer - 2 (Asia/Pacific)

Promoted

Jul 2025 - Present · 8 mos

  • Cloud Security (AWS)
  • Secure Design & Architecture Reviews
  • Threat Modelling
  • Secure Code reviews
  • Automation stuff
  • Worked on Multiple COEs
  • [Part of APAC Core Security Team - AppSTAR]
Cloud Security (AWS) · Secure Design & Architecture Reviews · Threat Modelling · Secure Code reviews · Automation · Cloud Security · +1

Application Security Engineer - 1 (Asia/Pacific)

May 2024 - Jun 2025 · 1 yr 1 mo

  • Cloud Security (AWS)
  • Secure Design & Architecture Reviews
  • Threat Modelling
  • Secure Code reviews
  • Automation stuff
  • [Part of APAC Core Security Team - AppSTAR]
Cloud Security (AWS) · Secure Design & Architecture Reviews · Threat Modelling · Secure Code reviews · Automation · Golang · +12

Razorpay

Product Security Engineer

Jul 2023 - Apr 2024 · 9 mos · Bengaluru, Karnataka, India · Hybrid

  • Responsible for handling the bug bounty program of Razorpay, where I revalidate the reported vulnerabilities, get them fixed by developers, and am responsible for deciding the bounty structure as well, to pay bug hunters accordingly.
  • Performing Threat modelling (also tech-spec reviews if applicable) and ad hoc security testing on QA/dev stack environments before making APIs/functionalities live for end users.
  • Performing security assessments (SAST/DAST/manual) on all Razorpay products & acquisitions (BillMe, Poshvine, ezetap etc.) to ensure security at each level (yes, we automate things here to save time and do not just depend upon tools).
  • Handling gateway security assessments (gateway pentests and code reviews) and making sure no gateway gets integrated without security assessment and each and every gateway is end-to-end secure.
  • [Razorpay is one of the largest payment gateways and a top fintech company in India]
Golang · Application Security Architecture · Security Policy · Static Analysis · Design Review · Security Automation · +8

MakeMyTrip

Security Engineer

Jun 2022 - Jul 2023 · 1 yr 1 mo · Gurugram, Haryana, India · On-site

  • Working in AppSec (performing pentests on all platforms, i.e. Web/Android/iOS/PWA) and managing MMT/GI's bug bounty program.
  • Learning and working on perimeter security of MMT & GI.
  • Writing scripts to automate things and strengthen the security at MMT.
  • Working with XVigil (AI based digital risk monitoring tool by Cloud_SEK) to monitor digital footprints for GI & MMT.
  • [MakeMyTrip is India's largest OTA!!]
Network Security · Web Application Firewall · Tenable Nessus · VAPT · Security Policy · Kali Linux · +12

Synopsys Inc

Security Consultant Intern

Jan 2022 - Jun 2022 · 5 mos · India (Remote)

  • Initially trained on the DAST offering & Pentesting, where I learnt about vulnerabilities not only limited to OWASP Top 10 through sessions conducted by mentors, senior members and online degreed platform, and got hands-on experience on the same by practicing on different pentesting platforms like PortSwigger labs, Pentester Academy, DVWA/WebGoat and other vulnerability-specific websites.
  • Made my own locally hosted vulnerable web app using a tech stack (PHP, HTML, JavaScript & XAMPP web server) having almost all the vulnerabilities learnt during the internship, and after successfully demonstrating my web app, I secured it, thus making a completely secure web app, which enhanced my Secure Coding knowledge.
  • Trained on the beginner SAST offering, where I learnt about detecting vulnerabilities not only limited to OWASP Top 10 at an early stage of the SDLC, i.e. at source code level, mainly in these languages (Java/C++, JavaScript, PHP, HTML and Python).
  • After all these learnings, I made a professional POC (Proof of Concept) report of the OWASP Juice Shop web app (it is probably the most modern and sophisticated insecure web application by OWASP!) according to the PT-E (Pentesting-Essential) checklist of the company and submitted it as my demo project. At last I made a professional POC (Proof of Concept) report of the Mobile IMS web app (it is specially designed by company employees as an internal testing web application) according to the PT-S (Pentesting-Standard) checklist of the company and submitted it as my final project.
  • [Synopsys is termed #1 in Electronic Design Automation Solutions & Services and is also a leader in Application security]
Vulnerability Management · Source code review · Penetration Testing · Application Security · Kali Linux · Burp Suite · +4

Haryana Police

Gurugram Police Cyber Security Summer Intern 2021

Jun 2021 - Jul 2021 · 1 mo · India (Remote)

  • Learned about different types of attacks, scams and IT Rules in the cyber world and took a pledge of Digitally Safe India.
  • Participated in CTFs and improved my Web and Networking Skills under the guidance of Rakshit Tandon sir.

VIEH Group

2 roles

Cyber Security Team Lead Intern

Dec 2020 - Feb 2021 · 2 mos · India (Remote)

  • In the span of 2 months, I managed a team of 4 interns named "VIEH Cyber Warriors", where we learnt many new approaches and techniques of web & network pentesting.
  • Gave my interns some innovative tasks based on Web and Network pentesting, solved some public and self-created CTFs and finally we made 2 projects:
  • 1) Smart Key logger
  • 2) Chrome Password Extractor.
  • Overall, my team (VIEH Cyber Warriors) enjoyed this internship and learned some innovative and new things.

Cyber Security Analyst Intern

Oct 2020 - Dec 2020 · 2 mos · India (Remote)

  • In the span of these 2 months I got the opportunity to apply Pentesting skills (Web and Networking) by working on weekly tasks/assignments and conducting various vulnerability-specific sessions.
  • Got hands-on experience of VAPT/WAPT by conducting a VAPT/WAPT assessment on one of the internal subdomains of VIEH Group based on a real-world scenario and submitted a professional POC report of the same at the end.
  • Learned about some new tools and expanded my knowledge on how to get started with creating/developing your own tools using scripting languages.
  • Overall, it was a great learning internship experience.

CloudSEK

CloudSEK XVigil Training

Aug 2020 - Aug 2020 · 0 mo · India

  • Successfully completed the online task based on Threat Intelligence, where a real-world Dark Web scenario was created by the Cloud_SEK team and participants were challenged to find flags (in the form of different hashes) on the website by combining all the information available in that scenario.

Bugcrowd

Bug Hunter

Jul 2020 - May 2022 · 1 yr 10 mos · Remote · Remote

  • Found various bugs as a freelance bug hunter during college days.
Penetration Testing · Application Security · Security Management · Cybersecurity

Education

Thapar Institute of Engineering & Technology

Bachelor of Engineering - BE — Computer Engineering

Jan 2018 - Jan 2022

Himland Public School Dirba, Sangrur Punjab

XI & XII — Non Medical

Mar 2016 - May 2018

General Gurnam Singh Public school, Sangrur Punjab

I - X

Mar 2007 - Mar 2016
