Projects
I have dealt with multiple projects over my career in the area of cyber security and digital marketing. My achievements illustrate my focus on safeguarding digital assets, boosting visibility, and accomplishing goals. Results speak for themselves.

From securing networks and performing penetration tests to executing data-driven marketing strategies and optimizing campaigns, I bring both technical expertise and creative thinking to the table.
Project name Thesis on Cyber Security & Ethical Hacking
Cybersecurity Researcher
This thesis presents a focused study on common web vulnerabilities—including SQLi, LFI, RCE, XSS, and CSRF—and their detection using ethical hacking tools like Havij, Cyberfox, Burp Suite, and Kali Linux. It emphasizes practical Vulnerability Assessment and Penetration Testing (VAPT) methods, along with the role of WAFs and cryptography in securing web applications. All testing was conducted ethically in a controlled environment.

Key Highlights:

- Documented technical insights into major web vulnerabilities and their impact
- Performed tool-based vulnerability assessments using Havij, Cyberfox, and Burp Suite
- Analyzed the effectiveness of WAFs in mitigating attacks
- Evaluated VAPT practices through theoretical and practical examples
- Proposed mitigation strategies to enhance web security posture

Project name Web & DNS Recon with Nuclei on Linux
Security Testing Analyst
In this project, I used Nuclei, a fast and customizable vulnerability scanner on Kali Linux, to perform targeted reconnaissance and vulnerability testing on web assets. The assessment included both technical scans (exploiting known CVEs, misconfigurations, and exposed panels) and DNS-based scans (such as subdomain enumeration, DNS takeover checks, and zone transfer testing).
The scans leveraged community and custom-built Nuclei templates to identify weaknesses efficiently across different layers of the target environment. A detailed report was created summarizing the findings, severity levels, and recommended remediations.

Key Highlights:

- Performed web and DNS reconnaissance using Nuclei on Kali Linux
- Identified exposed admin panels, misconfigured services, and outdated components
- Conducted DNS subdomain scans and checked for DNS takeover vulnerabilities

Note: This engagement followed responsible disclosure practices, with no harm caused to any production systems.

Project name Web Vulnerability Assessment with Nessus
Security Testing Analyst
This project involved performing a web application vulnerability assessment using Nessus, a widely recognized automated vulnerability scanning tool developed by Tenable. The target was http://testphp.vulnweb.com/, a purposely vulnerable web application used for ethical hacking and testing practice. The objective was to uncover potential security issues within the application and evaluate its exposure to known vulnerabilities.

Key Highlights:

- Performed an automated web vulnerability scan using Nessus on a test application
- Identified multiple vulnerabilities including outdated software, XSS, and misconfigurations
- Categorized risks based on severity: critical, high, medium, low
- Analyzed the impact on system security, data exposure, and web application integrity

Note: This assessment was conducted strictly on a known vulnerable testing environment (http://testphp.vulnweb.com/) for educational and demonstration purposes only. No unauthorized or unethical activity was performed.

Project name Web Vulnerability Assessment with Acunetix
Security Testing Analyst
This project involved conducting a full-scale web vulnerability assessment using Acunetix, a leading automated web application security scanner. The target application was evaluated for security weaknesses across its surface, resulting in the detection of 38 vulnerabilities, including 4 critical threats that posed a significant risk to data confidentiality, integrity, and application availability.
The scan covered common and advanced security issues such as SQL Injection, XSS, unsecured authentication mechanisms, exposed directories, and insecure HTTP headers. Each finding was analyzed, verified, and documented with technical details and actionable remediation steps.

Key Highlights:

- Performed a comprehensive scan using Acunetix on a live web application
- Discovered 38 vulnerabilities, including 4 critical-level threats
- Identified high-risk issues such as SQL Injection, XSS, and misconfigurations
- Analyzed vulnerability impact on system integrity and user data security
- Prepared a structured report with risk categorization and recommended fixes
- Followed ethical testing standards in a controlled and authorized environment

Note: This engagement followed responsible disclosure practices, with no harm caused to any production systems.

Project name Burp Suite Web Exploitation
Web Security Analyst
This project focused on using Burp Suite to analyze and exploit web application vulnerabilities through manual testing techniques. I demonstrated key functionalities such as proxy configuration, target scope setup, and the use of Repeater and Intruder tools to intercept, modify, and automate HTTP requests. The project emphasized the importance of precise request manipulation in identifying flaws in web security.

Key Highlights:

- Configured Burp Suite proxy to intercept browser traffic
- Defined and managed target scope for focused testing
- Used Repeater to manipulate and test HTTP requests manually
- Employed Intruder to automate attack payloads

Project name Ethical LFI Penetration Tester
Web Security Analyst
This project involved ethical testing of two web applications to identify Local File Inclusion (LFI) vulnerabilities. The goal was to assess the risk of unauthorized file access due to insecure file handling. Controlled exploitation demonstrated how attackers could read sensitive files and traverse directories. All activities were conducted responsibly within a legal testing environment.

Key Highlights:

- Tested two live web applications for LFI vulnerabilities
- Successfully exploited LFI to access sensitive system files (e.g., /etc/passwd)
- Demonstrated directory traversal attacks
- Documented impact on data confidentiality and application security
- Created reports with reproduction steps and mitigation strategies

Project name Cyberfox Session Hijack
Web Security Analyst
This project involved conducting a passive security assessment of five live web applications using Cyberfox, an automated web vulnerability scanner. The objective was to identify prevalent web vulnerabilities, including Cross-Site Scripting (XSS), SQL Injection (SQLi), Insecure Direct Object References (IDOR), and misconfigured or missing security headers.
Automated scanning was complemented by manual verification to ensure result accuracy and reduce false positives. All activities adhered strictly to ethical hacking standards and responsible disclosure policies.

Key Highlights:

- Identified and verified XSS, SQLi, IDOR, and misconfigured security headers
- Assessed five live websites in a controlled, ethical environment
- Balanced automation with manual testing for vulnerability detection
- Compiled comprehensive vulnerability assessment reports
- Gained practical experience in web application security analysis

Project name A Sample Bug Report
Bug Bounty Researcher
In this project, I discovered and responsibly disclosed a critical SQL Injection (SQLi) vulnerability in a live web application. Using Havij, an advanced automated SQLi testing tool, I evaluated the site's input validation and database interaction mechanisms for potential flaws.
The vulnerability could allow unauthorized access to the backend database, putting sensitive user data and administrative credentials at risk. The assessment was conducted in a controlled environment, adhering to ethical hacking standards.

Key Highlights:

- Discovered a critical SQLi vulnerability through automated and manual analysis
- Demonstrated impact through a proof-of-concept (PoC) with screenshots and query logs
- Evaluated the potential compromise of sensitive user data and admin credentials
- Developed a clear reproduction guide to support remediation efforts
- Recommended security best practices to address the vulnerability

Project name SQLi Security Testing using Havij
Web Application Security Tester
As part of my project in ethical hacking and cyber security, I performed a vulnerability assessment with an automated SQL Injection tool called Havij, which is quite potent. The primary objective was to identify and understand SQL injection flaws in real-world web applications.
During this project, I successfully identified and exploited SQL Injection vulnerabilities in five different websites (within a legal and controlled environment). Using Havij, I was able to extract database information, simulate unauthorized access, and generate detailed reports highlighting the potential impact of these vulnerabilities.

Key Highlights:

- Identified and exploited SQL Injection vulnerabilities on 5 targeted sites
- Extracted critical database information for security analysis
- Executed unauthorized login methods using SQL injection
- Participated in offensive security and web application testing

Project name SQLi Authentication Bypass Test
Web Application Security Tester
Identified a classic SQL Injection vulnerability in a college web application’s login form that allowed full authentication bypass using a simple payload (' OR '1'='1). Gained unauthorized access to the admin panel, demonstrating a critical lack of input sanitization. The issue was ethically verified in a secure lab environment, and a detailed report with proof of concept and remediation recommendations was prepared.

Key Highlights:

- Discovered classic SQLi vulnerability on a college website's login form
- Gained unauthorized admin access using a basic ' OR '1'='1 payload
- Demonstrated risks to data confidentiality and administrative control
- Documented exploitation process and proposed secure coding practices
- Conducted testing in a responsible and controlled lab environment

Alert: Be Aware & Be Secure!
