About Me
I'm a Web Application Penetration Tester and Ethical Hacker dedicated to helping organizations discover and fix security vulnerabilities before attackers do.
My journey in cybersecurity started with a passion for understanding how systems work and, more importantly, how they can be broken. I realized early that the best defense comes from thinking like an attacker—anticipating vulnerabilities before they're exploited.
Over the years, I've helped 25+ organizations across various industries—from fintech startups to established SaaS companies—identify and remediate critical vulnerabilities. I've ranked in international CTF competitions (Black Hat USA, Iran Tech Olympics) and actively participate in bug bounty programs on platforms like Bugcrowd, YesWeHack, and Intigriti.
What sets me apart is my commitment to going beyond automated scanners. I manually test every application, analyze business logic flaws, chain vulnerabilities to demonstrate real-world impact, and provide developer-friendly remediation guidance. My reports aren't just a list of problems—they're a roadmap to genuine security improvement.
"I don't just run scanners — I think like an attacker to find what others miss."
Beyond my technical expertise, I believe in continuous learning. I hold multiple certifications, contribute to open-source security projects, and stay updated on emerging threats and methodologies. I'm also passionate about sharing knowledge—through writeups, CTF solutions, and mentoring aspiring security professionals.
When I'm not testing applications, you'll find me exploring new attack vectors, contributing to the security community, or diving into classical Islamic studies (Dars e Nizami). I'm multilingual—fluent in Urdu, Punjabi, and English—which helps me work effectively with diverse international clients.
My Approach
Core principles that guide my security testing methodology.
- OWASP Top 10 and API Top 10 aligned testing
- Manual analysis with strategic tool assistance
- Business logic vulnerability identification
- Attack chain demonstration for maximum impact
- CVSS-scored, reproducible, actionable reports
- Developer-friendly remediation guidance
- Free retesting after fixes are implemented
Tools & Technologies
The instruments of my trade. I combine deep tool knowledge with manual analysis.
- Burp Suite
- OWASP ZAP
- Postman
- ffuf
- Nuclei
- SQLMap
- Nmap
- Subfinder
- Metasploit
Beyond Security
Because I'm more than just a pentester.
Islamic Scholar in Training: I'm pursuing classical Islamic education (Dars e Nizami), which teaches me discipline, critical thinking, and deep understanding. These principles directly enhance my security research.
Multilingual: Fluent in Urdu, Punjabi, and English. This helps me communicate effectively with global clients and understand diverse cultural contexts in security practices.
Community Contributor: I actively share knowledge through CTF writeups, vulnerability disclosures, and mentoring aspiring security professionals. I believe in lifting others as I climb.
Continuous Learner: The security landscape evolves constantly. I stay current through certifications, research, and hands-on experimentation with emerging technologies and attack vectors.
Ready to Work Together?
Let's discuss how I can help secure your web application and APIs.