Bug Bounty Hunting & Web App Security Research by Himanshu Kumar

Background

Over nearly 2 years (2020-2022), I actively participated in bug bounty programs on HackerOne and competed in Capture The Flag (CTF) challenges on Hack The Box. This hands-on security research shaped the foundation of my approach to building secure systems today.

HackerOne Bug Bounty Hunting (Apr 2021 - Jul 2022)

Participated in multiple bug bounty programs, identifying and responsibly disclosing security vulnerabilities in production web applications. Focus areas included:
- SQL injection discovery and exploitation
- Cross-site scripting (XSS) — reflected, stored, and DOM-based
- Authentication bypass and session management flaws
- OWASP Top 10 vulnerability assessment across live targets
- Writing clear, reproducible proof-of-concept reports for engineering teams

Hack The Box CTF Challenges (Sep 2020 - Jul 2022)

Spent nearly 2 years on Hack The Box, working through machines and challenges that covered:
- Web application penetration testing
- Vulnerability assessment and exploitation
- Privilege escalation techniques
- Network enumeration and service fingerprinting
- Real-world attack simulation in controlled environments

How This Informs My Engineering Work

Every authentication system, API endpoint, and multi-tenant architecture I build today is informed by knowing how attackers think. My security research background means I don't just follow OWASP checklists — I understand the actual attack vectors behind each item and build defenses accordingly.
This experience directly feeds into my current work: OAuth/JWT implementations, session hardening, role-based access control, and security audit logging.
Posted Jun 16, 2026

Identified and reported security vulnerabilities across web apps via HackerOne bounties and Hack The Box CTFs. Focus: OWASP Top 10, SQL injection, XSS.

Timeline

Sep 1, 2020 - Jul 31, 2022