Freelancers using Acunetix
Freelancers using Acunetix
Sign Up
Post a job
Sign Up
Log In
Filters
1
Projects
People
MD MESBAUL ISLAM
Dhaka, Bangladesh
Certified Penetration Tester | Web, Mobile & API Sec. Expert
New to Contra
Follow
Message
Certified Penetration Tester | Web, Mobile & API Sec. Expert
0
Account Takeover (ATO) via Token Vulnerability Identified a critical Account Takeover (ATO) vulnerability during web application and API penetration testing of a financial platform. By exploiting insecure token validation, I gained unauthorized access to user accounts without credentials. Key Findings: Weak token validation Missing session/device binding No token expiration or rotation Impact: Unauthorized account access, financial data exposure, and fraud risk. Outcome: Delivered a professional VAPT report with proof of concept (PoC), risk assessment, and remediation recommendations based on OWASP best practices.
0
21
0
Capture The Flag (CTF) Challenge Development & Competition Support Designed and developed hands-on Capture The Flag (CTF) challenges for cybersecurity competitions, covering multiple domains such as web exploitation, cryptography, reverse engineering, OSINT, forensics, and binary exploitation. Assisted in planning, testing, and hosting the competition to ensure a smooth participant experience. Responsibilities: Created original CTF challenges with varying difficulty levels Developed flags, hints, and challenge validation Tested challenges for stability and fairness Assisted with competition infrastructure and event support Prepared write-ups and solutions for post-event learning Outcome: Successfully contributed to a well-organized CTF event that provided participants with practical, real-world cybersecurity challenges and an engaging learning experience.
0
8
0
Mobile Application Penetration Testing (VAPT) Conducted a comprehensive Mobile Application Penetration Test to assess the security of Android/iOS applications and their backend APIs. Identified and validated multiple Critical and High-risk vulnerabilities through manual and automated testing. Scope of Work: OWASP Mobile Top 10 testing Authentication & authorization testing API security assessment Insecure data storage analysis SSL/TLS & certificate pinning validation Session management and business logic testing Professional VAPT reporting with PoC and remediation guidance Outcome: Delivered a detailed VAPT report with verified findings, business impact analysis, proof of concept (PoC), and prioritized remediation recommendations to help improve the application's security and resilience against real-world attacks.
0
12
1
Web Application Vulnerability Assessment & Penetration Testing (VAPT) Performed a comprehensive Web Application VAPT to identify and validate security vulnerabilities through manual and automated testing. The assessment uncovered multiple Critical and High-risk vulnerabilities that could lead to unauthorized access, data exposure, and business impact. Scope of Work: OWASP Top 10 security testing Authentication & authorization testing API security assessment Session management analysis Business logic testing Manual exploitation and validation Professional VAPT reporting with risk ratings, PoC, and remediation guidance Outcome: Delivered an executive-level security report containing verified findings, proof of concept (PoC), business impact analysis, and actionable remediation recommendations, enabling the client to strengthen their overall security posture.
1
60
Acunetix
(1)
Follow
Message
Ram Krishna
Bhubaneswar, India
Custom Websites & Software with Top-tier Security 🔒
Follow
Message
Custom Websites & Software with Top-tier Security 🔒
0
Manual & Auto Penetration Testing: Website, API, Mobile, Cloud
0
23
0
Professional Presentation Design for Tech Conference
0
18
0
Responsive Custom Website with Enhanced Security
0
11
View more →
Acunetix
(1)
Follow
Message
Gyanranjan Jha
Mumbai, India
Cybersecurity Engineer , Full stack Web Developer.
New to Contra
Follow
Message
Cybersecurity Engineer , Full stack Web Developer.
0
Grateful to be recognized in NASA's Vulnerability Disclosure Program Hall of Fame on Bugcrowd. As someone still early in my security research journey, this means a lot. Found a reflected XSS vulnerability, reported it, and it was accepted. Simple as that. Still a lot to learn, but this is a good reminder to keep going.Letter of Recognition should arrive after some time.
0
51
0
I am excited to share a project I've been working on: the_almighty, a deterministic web-vulnerability scanner built entirely in Go. Unlike traditional black-box scanners that rely on simple payload spraying, the_almighty is designed with high signal-to-noise ratio in mind. Findings are only reported when verified by a Go oracle (e.g., verbatim reflection, error signature, time delay, or an out-of-band callback). Key Capabilities: 🔹 OOB Correlation: Captures blind/stored XSS, SSRF, and command injections via tokenized out-of-band callbacks. 🔹 Grey-box IAST: Server-side PHP and JS agents locate tainted input reaching dangerous sinks with file and line numbers. 🔹 Headless Browser Crawler: Leverages a pooled headless Chrome instance to crawl modern single-page applications. 🔹 AI-Powered Payload Widening: Uses local LLMs (via Ollama) to dynamically generate and expand test payloads, keeping validation deterministic. 🔹 Observation Engine: Correlates, deduplicates, and scores results into SQLite (WAL) for a clean, prioritized list. Engineered with a strict scope guard and per-host rate limiters to guarantee scanning stays safe and within boundaries. Stack: Go 1.26, Cobra, chromedp, SQLite, and Ollama. #ApplicationSecurity #SoftwareEngineering #GoLang #IAST #PenetrationTesting #DevSecOps
0
37
0
Happy to share that I’ve been recognized on the Signify (https://www.linkedin.com/company/signifycompany/) Hall of Fame for responsibly reporting a security vulnerability discovered during independent security research. Appreciate the Signify (https://www.linkedin.com/company/signifycompany/) security team for their professional handling of the report and dedication to improving security. Responsible disclosure is an important part of strengthening the security ecosystem, and I’m glad to contribute. https://www.signify.com/global/product-security/coordinated-vulnerability-disclosure/hall-of-fame #CyberSecurity (https://www.linkedin.com/search/results/all/?keywords=%23cybersecurity&origin=HASH_TAG_FROM_FEED) #BugBounty (https://www.linkedin.com/search/results/all/?keywords=%23bugbounty&origin=HASH_TAG_FROM_FEED) #ResponsibleDisclosure (https://www.linkedin.com/search/results/all/?keywords=%23responsibledisclosure&origin=HASH_TAG_FROM_FEED) #EthicalHacking (https://www.linkedin.com/search/results/all/?keywords=%23ethicalhacking&origin=HASH_TAG_FROM_FEED) #SecurityResearch (https://www.linkedin.com/search/results/all/?keywords=%23securityresearch&origin=HASH_TAG_FROM_FEED)
0
33
0
Security research update Happy to share that I’ve been recognized in the Philips Coordinated Vulnerability Disclosure Hall of Fame (2026) for responsibly reporting a security vulnerability. During security testing, I identified a vulnerability and reported it through Philips’ coordinated disclosure program. After verification by their security team, the issue was acknowledged and addressed. Moments like this highlight why responsible disclosure and collaboration between researchers and organizations are so important. Security research is not just about finding bugs — it’s about helping strengthen systems that people depend on every day. Grateful to the Philips security team for the acknowledgment and for supporting a transparent vulnerability disclosure process. On to the next bug. https://lnkd.in/dukTVr6t (https://lnkd.in/dukTVr6t)#CyberSecurity (https://www.linkedin.com/search/results/all/?keywords=%23cybersecurity&origin=HASH_TAG_FROM_FEED) #BugBounty (https://www.linkedin.com/search/results/all/?keywords=%23bugbounty&origin=HASH_TAG_FROM_FEED) #EthicalHacking (https://www.linkedin.com/search/results/all/?keywords=%23ethicalhacking&origin=HASH_TAG_FROM_FEED) #ResponsibleDisclosure (https://www.linkedin.com/search/results/all/?keywords=%23responsibledisclosure&origin=HASH_TAG_FROM_FEED) #SecurityResearch (https://www.linkedin.com/search/results/all/?keywords=%23securityresearch&origin=HASH_TAG_FROM_FEED) #AppSec (https://www.linkedin.com/search/results/all/?keywords=%23appsec&origin=HASH_TAG_FROM_FEED) #Infosec (https://www.linkedin.com/search/results/all/?keywords=%23infosec&origin=HASH_TAG_FROM_FEED)
0
47
Acunetix
(1)
Follow
Message
Explore people