Hello, I am Nirav Gadhiya

Information Security Officer
A Loving Father | A Lovable Husband | A Proud Son | A Caring Brother

Something about me

I started my career as a lecturer in an engineering college. Then I turned to development to find some challenges in my day-to-day routine. I chose to be a security analyst at the peak of my development career. The reasons which led me to jump into the information security domain are challenges in daily tasks, exploring and learning new things and eagerness of finding odds. As a security analyst, I worked mostly with web applications and a few mobile applications. I have also tested some external and internal networks. I found the current job profile interesting as I got a chance to work in various domains like e-commerce, banking portals, government portals, CRM kind of applications and e-wallets. I learned a lot by finding and exploiting vulnerabilities like Cross-Site Scripting, SQL Injection, Insecure Direct Object References, Cross-Site Request Forgery, Server-Side Request Forgery, Remote Code Execution, XML Injection, File Upload Bypasses, etc.

Penetration Testing

I am proficient in penetration testing of mobile applications, web applications and networks. However, web penetration testing is my favourite.

Red Teaming

To be very frank, I am not an expert in Red Teaming, but I can rank myself as intermediate for Red Teaming as I have not done it standalone.

Source Code Review

I have worked on several Source Code Review projects in different languages like Objective-C, Swift, Java and PHP.

Information Security Training

I provide InfoSec training to beginners and students in college. I also conduct seminars and workshops at local conferences.

Tools I work on

Here is the list of tools I generally work on. I also use many other tools as per the requirements.

Burp Suite

OWASP ZAP

sqlmap

Nikto

Nmap

Wireshark

Metasploit

Nessus

Local File Inclusion (LFI)
Server-Side Request Forgery
Remote Code Execution - RCE
Cross-Site Request Forgery - CSRF
Insecure Direct Object Reference (IDOR)
Blind Error-Based XXE