Harshit Joshi

Associate Consultant

India · 3 yrs experience
Highly Stable · AI Enabled

Key Highlights

  • Identified and remediated over 150 critical vulnerabilities.
  • Published CVE-2023-23956 affecting global enterprises.
  • Runs a technical security education channel with 57k+ subscribers.
Stackforce AI infers this person is a Cybersecurity expert specializing in application security and vulnerability management.

Skills

Core Skills

Application Security · Web Application Security

Other Skills

API Security · Penetration Testing · Vulnerability Discovery · Responsible Disclosure · AI Security · AI Red Team · Websockets · source code review · API Testing · Python (Programming Language) · Communication

About

I am currently focused on AI red teaming, specifically attacking agentic systems, MCP integrations and LLM-powered workflows. As AI moves from chatbots to autonomous agents that take real-world actions, the attack surface has fundamentally shifted. I work on understanding and exposing those gaps.

I have identified and driven remediation of more than 150 high and critical vulnerabilities in production systems for Fortune 50 organizations. One of these findings was published as CVE-2023-23956, affecting Symantec SiteMinder SSO used by enterprises worldwide.

I am an Application Security engineer with deep hands-on experience across web, AI, API, mobile and cloud-hosted applications. My work is execution-focused. I exploit vulnerabilities to demonstrate real-world impact, work directly with engineering teams to design practical fixes and retest to ensure issues are fully resolved rather than simply reported.

My technical focus is on vulnerabilities that survive in production environments, including authentication bypasses, authorization flaws, business logic issues and high-impact injection and access control weaknesses. I spend significant time understanding application architecture, trust boundaries and how multiple issues chain together into realistic attack paths.

Alongside my professional work, I run a technical application security education channel with more than 57 thousand subscribers, where I publish hands-on walkthroughs covering penetration testing, exploitation, and defensive lessons for engineers. This has strengthened my ability to communicate complex security issues clearly and work effectively with development teams.

What drives my work is practical security. I care about finding issues that would actually be exploited, explaining them clearly and helping teams build and ship more secure software without unnecessary friction.

Experience

Total Experience: 3 yrs
Average Tenure: 3 yrs
Current Experience: 3 yrs

Prescient security

Application Security Consultant

Apr 2023 - Present · 3 yrs · Remote

  • I work hands-on as part of an application security consulting team, performing security testing across web, API and mobile applications for enterprise and Fortune 50 clients.
  • My responsibilities include conducting manual application security assessments, identifying authentication and authorization flaws, business logic vulnerabilities, and high-impact injection issues in production and pre-production systems. I regularly test modern API-driven architectures and cloud-hosted applications, with a focus on real-world exploitability rather than checklist-driven findings.
  • I collaborate closely with engineering and security teams to validate impact, reproduce vulnerabilities, and support remediation by explaining root cause and secure design patterns. Across client engagements, I have identified more than 150 high and critical vulnerabilities across web, API and mobile applications, many of which affected internet-facing and business-critical systems.
  • I have also contributed to security research as part of my role, including the discovery and responsible disclosure of CVE-2023-23956 affecting Symantec SiteMinder WebAgent SSO used in enterprise identity environments.
Application Security · Web Application Security · API Security · Penetration Testing

Education

CGC College of Engineering, Landran

Bachelor's degree — Computer Applications

Jul 2020 - Jul 2023
