Hello, I am Nirav Gadhiya

Information Security Officer
A Loving Father | A Lovable Husband | A Proud Son | A Caring Brother

Something about me

I started my career as a lecturer in an engineering college. Then I turned into development to find some challenges in my day to day routine. I choose to be a security analyst at the peak of my development career. The reasons which led me to jump in the information security domain are challenges in daily tasks, exploring and learning new things and eagerness of finding odds. As a security analyst, I worked mostly with web applications and a few mobile applications. I have also tested some external and internal networks as well. I found the current job profile interesting as I got a chance to work in various domains like e-commerce, banking portals, government portals, CRM kind of applications and e-wallets. I learned a lot by finding and exploiting vulnerabilities like Cross-Site Scripting, SQL Injection, Insecure Direct Object References, Cross-Site Request Forgery, Server-Side Request Forgery, Remote Code Execution, XML Injection, File Upload Bypasses, etc.

Penetration Testing

I am proficient with penetration testing of Mobile application, Web application and Networks. However Web Penetration testing is my favourite.

Red Teaming

To be very frank, I not expert in Red Teaming but I can rank my self as intermediate for Red Teaming as I have not done it stand alone.

Source Code Review

I have worked on several projects of Source Code Review of different languages like Objective C, Swift, Java and PHP.

Information Security Training

I provide InfoSec Training to beginners and students in collage. I am also conducting seminars and workshops in local conferences.

Tools I work on

Here is the list of tools I generally work on. I use many other tools as well as per the requirements.

Burp Suit

Burp Suit

OWASP ZAP

OWASP ZAP

SQL Map

SQL Map

Nikto

Nikto

NMap

NMap

WireShark

WireShark

Metasploit

Metasploit

Nessus

Nessus

April 17, 2020
File Inclusion Vulnerabilities
Local File Inclusion (LFI)
Nirav Gadhiya - Security Analyst

Local File Inclusion (LFI)

What is Local File Inclusion (LFI)? Local File Inclusion (LFI) is a high severity vulnerability which arises when application allows an atta…

March 09, 2020
SSRF
Server-Side Request Forgery
Nirav Gadhiya - Security Analyst

Server-Side Request Forgery

What is Server-Side Request Forgery (SSRF)? Server-Side Request Forgery which is also known as SSRF arises when an attacker can enforce the …

March 09, 2020
RCE
Remote Code Execution - RCE
Nirav Gadhiya - Security Analyst

Remote Code Execution - RCE

What is Remote Code Execution (RCE)? Remote Code Execution (RCE) allows an attacker to execute code on the server of the web application. RC…

March 08, 2020
Broken Access Control
Cross-Site Request Forgery - CSRF
Nirav Gadhiya - Security Analyst

Cross-Site Request Forgery - CSRF

What is Cross-Site Request Forgery (CSRF)? A Cross-Site Request Forgery (CSRF) is a vulnerability that allows an attacker to enforce a user …

March 08, 2020
Broken Access Control
Insecure Direct Object Reference (IDOR)
Nirav Gadhiya - Security Analyst

Insecure Direct Object Reference (IDOR)

What is Insecure Direct Object Reference (IDOR)? IDOR vulnerabilities arise when an application fails to authenticate the request which refe…

March 08, 2020
XXE
Blind Error-Based XXE
Nirav Gadhiya - Security Analyst

Blind Error-Based XXE

What is Blind XXE? When an application is vulnerable to the XXE attacks but the server doesn't provide any information via HTTP response…