Devansh Bordia

Software Engineer

Jaipur, Rajasthan, India · 3 yrs 3 mos experience

Key Highlights

  • Recognized by over 30 companies for asset protection.
  • Published multiple CVEs and articles in cybersecurity.
  • Secured top ranks in competitive cybersecurity challenges.
Stackforce AI infers this person is a Cybersecurity Specialist with a focus on Application and Cloud Security.

Skills

Core Skills

Vulnerability Assessment, Security Testing, Application Security, Cloud Security

Other Skills

API Pentesting, Amazon Web Services (AWS), Android Testing, Appsec Engagements, Automation, Bash, Blockchain, Blogging, Building Automation Systems (BAS), Cisco Networking, Communication, Creative Problem Solving, Critical Thinking, Customer Success Coordination, Cybersecurity

About

Devansh Bordia is a Penetration Tester who specializes in Application Security and has received recognition from more than 30 companies for protecting their assets. The following are my achievements in the field of Cyber Security:

  1) Bugcrowd MVP 2020 Q2
  2) Published CVE-2021-44321, CVE-2022-27432, CVE-2022-26588, CVE-2022-26589
  3) Secured 8th Rank in OWASP Seasides CTF 2020
  4) Secured Top 100 Rank in HTB India
  5) Publication Book related to Cyber Security
  6) Certifications such as eWPTX, eCPPT, AWS Solution Architect, CRTP
  7) Received Special Mentions for running the AWS Security Series by various platforms like Infosec Writeups, SpintheHack, and Detectify.
  8) Written Articles for companies like Detectify, Project Discovery, and many other international companies.

Besides this, Devansh specializes in Cloud Security and has rich experience in handling projects on AWS, Azure, and GCP. He has handled multiple projects for cloud configuration reviews and also performed multiple audits for different consulting companies all around the globe. In addition, he has experience managing pentesting projects and has worked for several product-based businesses.

Devansh has completed End-to-End Security Assessments and worked on projects involving Web, API, Android, Code Review, and Threat Modeling. He has assessed more than 100 applications, discovered more than 300 vulnerabilities, and received recognition from the community on Infosec Writeups, Detectify, and the SpintheHack YouTube channel.

In his consulting career, he has worked on Appsec Engagements, Azure, GCP, and AWS Config Reviews, Thick Client Applications, Threat Modelling, Code Reviews, Web3 Security, and Bug Bounty Programs. He also actively publishes his Appsec discoveries on Medium and shares articles regarding Cloud Security and Bug Bounty.

Additionally, he has disclosed several CVEs:

  • CVE-2021-44321
  • CVE-2022-27432
  • CVE-2022-26588
  • CVE-2022-26589

Coming to Web3 Security, he possesses an in-depth understanding of different attack vectors such as Reentrancy, Flash Loans, Sandwich, Untrusted Delegate Call, Storage Collision, Overflow/Underflow, Default Visibility, Front Running, etc. Besides, he has extensive experience with tools like Foundry, Hardhat, Truffle, etc.

Experience

Total Experience: 3 yrs 3 mos
Average Tenure: 1 yr
Current Experience: --

Bugcrowd

Application Security Engineer

Oct 2024 - Jan 2025 · 3 mos

Hackerone

Product Security Analyst - Pod Lead

Oct 2022 - Jul 2024 · 1 yr 9 mos · Remote

  • 1. Review incoming vulnerability reports and reproduce issues, assessing the severity and impact of each issue within the context of each organization’s threat model.
  • 2. Work with hackers to identify missing information in reports, as well as help educate the community when reports are incorrect.
  • 3. Coordinate with our Customer Success team and customers to ensure smooth triage workflows for any programs you work with.
  • 4. Write a brief summary for each report, including clear reproduction steps, the impact of the issue, and remediation advice.
Vulnerability Assessment, Security Testing, Threat Modeling, Vulnerability Reports, Customer Success Coordination

Payatu

Co-Lead-Security Consultant (Appsec & Cloud)

Jun 2021 - Sep 2022 · 1 yr 3 mos

  • 1. Perform various types of Security Assessments on Web, API, Network, AWS Config Review, Threat Modelling, Android Applications, and iOS Applications.
  • 2. Executed over 100+ Appsec engagements for several enterprises and led the pentest team during the evaluations.
  • 3. Experienced in performing static and dynamic analysis testing of Android and iOS applications. Proficient in identifying various core Mobile vulnerabilities like Deep linking exploits, Local file stealing using LFI, Local SQL Injection, Abusing WebView XSS, Bypassing application workflow by hooking class methods and functions using Frida and objection, Authentication bypass, Authorization Flaws, Business Logic Vulnerabilities, etc.
  • 4. Bypass Jailbreak Detection and SSL pinning in automated and manual ways using tools like SSL Kill Switch 2, Frida, objection, and Hopper. Test for Cryptography flaws, Local data storage, Network layer attack, Binary protection checks, hardcoded credentials, Bypass local PIN using dynamic analysis, etc. Bypass the application logic by modifying source code and re-signing the application using tools like objection, app sign, and Hopper.
  • 5. Promoted to Co-Lead Appsec & Cloud Security Consultant for managing and leading the Appsec & Cloud security team within the organization.
Security Assessments, Appsec Engagements, Cloud Security, Threat Modeling, Static and Dynamic Analysis, Application Security

Education

Amity University Rajasthan, Jaipur

Bachelor of Technology — Computer Science

Jan 2017 - Mar 2021
