Local File Inclusion (LFI)
What is Local File Inclusion (LFI)? Local File Inclusion (LFI) is a high severity vulnerability which arises when application allows an atta…
Information Security Officer
A Loving Father | A Lovable Husband | A Proud Son | A Caring Brother
I started my career as a lecturer in an engineering college. Then I moved into development to find some challenges in my day-to-day routine. I chose to become a security analyst at the peak of my development career. The reasons which led me to jump into the information security domain are challenges in daily tasks, exploring and learning new things, and an eagerness to find odds. As a security analyst, I have worked mostly with web applications and a few mobile applications. I have also tested some external and internal networks. I find the current job profile interesting, as I get a chance to work in various domains like e-commerce, banking portals, government portals, CRM-type applications and e-wallets. I have learned a lot by finding and exploiting vulnerabilities like Cross-Site Scripting, SQL Injection, Insecure Direct Object References, Cross-Site Request Forgery, Server-Side Request Forgery, Remote Code Execution, XML Injection, File Upload Bypasses, etc.
I am proficient in penetration testing of mobile applications, web applications and networks. However, web penetration testing is my favourite.
To be very frank, I am not an expert in Red Teaming, but I can rank myself as intermediate in Red Teaming, as I have not done it standalone.
I have worked on several source code review projects in different languages like Objective-C, Swift, Java and PHP.
I provide InfoSec training to beginners and students in college. I also conduct seminars and workshops at local conferences.
Here is the list of tools I generally work on. I use many other tools as well as per the requirements.
What is Server-Side Request Forgery (SSRF)? Server-Side Request Forgery which is also known as SSRF arises when an attacker can enforce the …
What is Remote Code Execution (RCE)? Remote Code Execution (RCE) allows an attacker to execute code on the server of the web application. RC…
What is Cross-Site Request Forgery (CSRF)? A Cross-Site Request Forgery (CSRF) is a vulnerability that allows an attacker to enforce a user …
What is Insecure Direct Object Reference (IDOR)? IDOR vulnerabilities arise when an application fails to authenticate the request which refe…
What is Blind XXE? When an application is vulnerable to the XXE attacks but the server doesn't provide any information via HTTP response…
You can always reach out to me at the following contact information: