MD MESBAUL ISLAM - Cybersecurity Specialist | ContraWork by MD MESBAUL ISLAM
Certified Penetration Tester | Web, Mobile & API Sec. Expert

Capture The Flag (CTF) Challenge Development & Competition Support

Designed and developed hands-on Capture The Flag (CTF) challenges for cybersecurity competitions, covering multiple domains such as web exploitation, cryptography, reverse engineering, OSINT, forensics, and binary exploitation. Assisted in planning, testing, and hosting the competition to ensure a smooth participant experience.

Responsibilities:
Created original CTF challenges with varying difficulty levels
Developed flags, hints, and challenge validation
Tested challenges for stability and fairness
Assisted with competition infrastructure and event support
Prepared write-ups and solutions for post-event learning

Outcome:
Successfully contributed to a well-organized CTF event that provided participants with practical, real-world cybersecurity challenges and an engaging learning experience.
Mobile Application Penetration Testing (VAPT)

Conducted a comprehensive Mobile Application Penetration Test to assess the security of Android/iOS applications and their backend APIs. Identified and validated multiple Critical and High-risk vulnerabilities through manual and automated testing.

Scope of Work:
OWASP Mobile Top 10 testing
Authentication & authorization testing
API security assessment
Insecure data storage analysis
SSL/TLS & certificate pinning validation
Session management and business logic testing
Professional VAPT reporting with PoC and remediation guidance

Outcome:
Delivered a detailed VAPT report with verified findings, business impact analysis, proof of concept (PoC), and prioritized remediation recommendations to help improve the application's security and resilience against real-world attacks.
Web Application Vulnerability Assessment & Penetration Testing (VAPT)

Performed a comprehensive Web Application VAPT to identify and validate security vulnerabilities through manual and automated testing. The assessment uncovered multiple Critical and High-risk vulnerabilities that could lead to unauthorized access, data exposure, and business impact.

Scope of Work:
OWASP Top 10 security testing
Authentication & authorization testing
API security assessment
Session management analysis
Business logic testing
Manual exploitation and validation
Professional VAPT reporting with risk ratings, PoC, and remediation guidance

Outcome:
Delivered an executive-level security report containing verified findings, proof of concept (PoC), business impact analysis, and actionable remediation recommendations, enabling the client to strengthen their overall security posture.
Account Takeover (ATO) via Token Vulnerability

Identified a critical Account Takeover (ATO) vulnerability during web application and API penetration testing of a financial platform. By exploiting insecure token validation, I gained unauthorized access to user accounts without credentials.

Key Findings:
Weak token validation
Missing session/device binding
No token expiration or rotation

Impact:
Unauthorized account access, financial data exposure, and fraud risk.

Outcome:
Delivered a professional VAPT report with proof of concept (PoC), risk assessment, and remediation recommendations based on OWASP best practices.