Profileimage by Hassan Jawaid Penetration Tester from Karachi

Hassan Jawaid

available

Last update: 18.04.2024

Penetration Tester

Graduation: BSc Computer Science
Languages: English (Full Professional)

Keywords

Carry Out Assessments Burp Suite Manual Testing Business Logic Penetration Testing Digital Assets Intelligence Assessment Vulnerability Web Applications Cybercrime

Attachments

Hassan-Jawaid-FlowCV-Resume-20240129_180424.pdf

Skills

As a passionate security researcher and Penetration Tester with over 4 years of experience in Bug Bounty hunting, I have honed my skills in identifying and mitigating vulnerabilities across digital landscapes. You can gain insight into my expertise and track record through my profile on Bugcrowd.com/hassanjawaid. For a glimpse into my work, I have attached one of my comprehensive reports showcasing my methodology and findings.
What sets my approach apart is my focus on uncovering not only the common vulnerabilities outlined in the OWASP Top 10 but also delving deeper into business logic vulnerabilities, which are often overlooked yet pose significant risks if exploited. By targeting these nuanced weaknesses, I aim to provide comprehensive security assessments that go beyond surface-level vulnerabilities, ensuring robust protection for digital assets.
In executing my assessments, I rely on a carefully curated set of tools tailored to meet the unique challenges of each engagement:
  1. SilentPush for Information Gathering: Leveraging the capabilities of SilentPush (https://explore.silentpush.com/register?referral=hj90001), I conduct thorough reconnaissance to gather critical intelligence about the target environment. This enables me to establish a solid foundation for my testing efforts and identify potential entry points for further exploration.
  2. Burp Suite for Manual Testing: Burp Suite serves as my go-to tool for manual testing, allowing me to interact with web applications in real-time and uncover vulnerabilities that automated scanners may overlook. Its versatility and extensive feature set empower me to conduct in-depth assessments and validate potential security issues with precision.
  3. Nuclei for CVEs and Exploits: Nuclei plays a pivotal role in my toolkit, enabling me to efficiently identify Common Vulnerabilities and Exposures (CVEs) and potential exploits that may pose a threat to the target environment. By leveraging Nuclei's extensive collection of templates, I can quickly scan for known vulnerabilities and prioritize remediation efforts accordingly.
Through the strategic integration of these tools and methodologies, I strive to deliver actionable insights and recommendations that empower organizations to fortify their defenses against cyber threats. My proactive approach, coupled with a relentless pursuit of excellence, ensures that I am equipped to tackle even the most challenging security scenarios with confidence and expertise.
I am excited about the opportunity to bring my unique perspective and skill set to your team at CondiGnum. With a proven track record of success in Bug Bounty hunting and penetration testing, I am confident that I can make a valuable contribution to your cybersecurity initiatives.
Thank you for considering my application. I look forward to the possibility of discussing how my experience and expertise align with your organization's needs in more detail.

Project history

06/2022 - Present
Application Security Engineer
Cubix.co (Internet and Information Technology, 250-500 employees)

Performed penetration testing of the web and mobile applications. I am responsible for:

- Identifying and exploiting the flaws.
- Providing proof of concepts.
- Revalidation of patches.
- Follow up with the team.

09/2022 - 09/2022
Ethical Hacker
AtomPoint (Internet and Information Technology, 10-50 employees)

Performed penetration testing of the web application. I was responsible for:

- Identifying and exploiting the flaws.
- Providing proof of concepts.
- Revalidation of patches.
- Follow up with the team.

Local Availability

Only available for remote work

Other

If you're seeking an automated scan report, please refrain from reaching out to me.