Freelancers using Golang in MumbaiFreelancers using Golang in Mumbai
Cybersecurity Engineer , Full stack Web Developer.
New to Contra
Cybersecurity Engineer , Full stack Web Developer.
Cover image for Recently identified a publicly accessible
Recently identified a publicly accessible Spring Boot Actuator /env endpoint during a security assessment. What initially appeared to be a routine configuration exposure turned out to reveal: • Internal service architecture • Backend microservice endpoints • Internal hostnames and network information • Deployment and filesystem details • Security configuration settings • Credentials and encryption-related secrets This serves as a reminder that management interfaces can expose far more than operational metadata when left accessible in production environments. Key lessons: ✓ Restrict Actuator endpoints to trusted administrative networks ✓ Avoid exposing /env in production ✓ Review environment variables and configuration repositories for secrets ✓ Rotate any exposed credentials immediately ✓ Use least-privilege exposure lists rather than wildcard endpoint exposure Small configuration mistakes can create a complete roadmap of an organization's internal infrastructure. #CyberSecurity (https://www.linkedin.com/search/results/all/?keywords=%23cybersecurity&origin=HASH_TAG_FROM_FEED) #AppSec (https://www.linkedin.com/search/results/all/?keywords=%23appsec&origin=HASH_TAG_FROM_FEED) #SpringBoot (https://www.linkedin.com/search/results/all/?keywords=%23springboot&origin=HASH_TAG_FROM_FEED) #DevSecOps (https://www.linkedin.com/search/results/all/?keywords=%23devsecops&origin=HASH_TAG_FROM_FEED) #BugBounty (https://www.linkedin.com/search/results/all/?keywords=%23bugbounty&origin=HASH_TAG_FROM_FEED) #SecurityResearch (https://www.linkedin.com/search/results/all/?keywords=%23securityresearch&origin=HASH_TAG_FROM_FEED) #OWASP (https://www.linkedin.com/search/results/all/?keywords=%23owasp&origin=HASH_TAG_FROM_FEED) #InfoSec (https://www.linkedin.com/search/results/all/?keywords=%23infosec&origin=HASH_TAG_FROM_FEED)
0
49
Cover image for Security research update
Happy to share
Security research update Happy to share that I’ve been recognized in the Philips Coordinated Vulnerability Disclosure Hall of Fame (2026) for responsibly reporting a security vulnerability. During security testing, I identified a vulnerability and reported it through Philips’ coordinated disclosure program. After verification by their security team, the issue was acknowledged and addressed. Moments like this highlight why responsible disclosure and collaboration between researchers and organizations are so important. Security research is not just about finding bugs — it’s about helping strengthen systems that people depend on every day. Grateful to the Philips security team for the acknowledgment and for supporting a transparent vulnerability disclosure process. On to the next bug. https://lnkd.in/dukTVr6t (https://lnkd.in/dukTVr6t)#CyberSecurity (https://www.linkedin.com/search/results/all/?keywords=%23cybersecurity&origin=HASH_TAG_FROM_FEED) #BugBounty (https://www.linkedin.com/search/results/all/?keywords=%23bugbounty&origin=HASH_TAG_FROM_FEED) #EthicalHacking (https://www.linkedin.com/search/results/all/?keywords=%23ethicalhacking&origin=HASH_TAG_FROM_FEED) #ResponsibleDisclosure (https://www.linkedin.com/search/results/all/?keywords=%23responsibledisclosure&origin=HASH_TAG_FROM_FEED) #SecurityResearch (https://www.linkedin.com/search/results/all/?keywords=%23securityresearch&origin=HASH_TAG_FROM_FEED) #AppSec (https://www.linkedin.com/search/results/all/?keywords=%23appsec&origin=HASH_TAG_FROM_FEED) #Infosec (https://www.linkedin.com/search/results/all/?keywords=%23infosec&origin=HASH_TAG_FROM_FEED)
0
47