Application Security · Security Engineering · Penetration Testing
I build security-focused systems, backend defenses, and developer tooling. My work currently centers on web and API security, secure backend architecture, security automation, open-source project administration, and applied cryptography.
- Project Admin for SecuScan during GSSoC 2026
- Core Member of the Society of Cyber Security
- Building evidence-driven skills in web security, API security, vulnerability assessment, secure development, and security reporting
- Publishing security projects, assessment reports, and technical write-ups
Local-first security scanning workspace built with FastAPI, React, TypeScript, Docker-oriented execution controls, structured findings, and a metadata-driven catalogue of 60 security-tool integrations.
Highlights: plugin validation, capability and network-policy enforcement, task orchestration, parser integrity checks, audit logging, finding normalization, PostgreSQL/SQLite, Redis/in-memory caching.
Client-side encrypted one-to-one messaging prototype using browser Web Crypto APIs, ECDH P-256, AES-GCM, Supabase Auth, PostgreSQL Row Level Security, and Realtime.
Highlights: browser-side encryption, ciphertext-only message storage, historical key identifiers, local keyring management, and encrypted private-key backups.
Secure backend foundation for a cybersecurity society platform using Node.js, Express, Prisma, and MariaDB.
Highlights: JWT authentication, bcrypt password hashing, role-based access control, Zod validation, request sanitization, rate limiting, Helmet, audit logging, and protected administrative operations.
Repository documenting technical solutions and analyses for 99 CTF challenges covering web exploitation, cryptography, digital forensics, reverse engineering, OSINT, binary exploitation, and network analysis.
Highlights: detailed walk-throughs for complex tasks (like non-x86 MIPS64 ROP execution and custom LCG seed recovery), Minecraft region-save parsing with PIL-based visualization, and Supabase RLS privilege-escalation analysis.
- Application Security: Web and API security, OWASP Top 10, authentication and authorization testing, session and JWT security, input validation, rate limiting, security reporting
- Tools: Burp Suite, Nmap, Wireshark, Nuclei, ffuf, Gobuster, OWASP ZAP, Docker, Git, Linux
- Engineering: Python, JavaScript, TypeScript, Bash, FastAPI, Node.js, Express, React, Next.js, PostgreSQL, MariaDB, SQLite, MongoDB
- Security Engineering: secure API design, RBAC, audit logging, task isolation, plugin integrity, threat modelling, defensive error handling, client-side cryptography
As Project Admin for SecuScan, I coordinate contributor onboarding, issue triage, task assignment, pull-request review, technical discussions, testing, documentation, security standards, and responsible-use controls.
I work on challenges across:
- Web exploitation
- Cryptography
- Digital forensics
- Reverse engineering
- Network analysis
- OSINT
Detailed write-ups and sanitized assessment reports are being organized into dedicated public repositories.
I only perform security testing on systems I own, authorized targets, or deliberately vulnerable training environments.


