OFFENSIVE WEB SECURITY PORTFOLIO

I weaponize curiosity, break web assumptions, and secure products with precision.

I am Vivek Bhandari - Web CTF Player, Web Security Analyst, and Bug Bounty Hunter. I uncover exploit chains, quantify impact, and convert findings into practical remediation strategies.

Current Focus

Advanced Web Exploitation

Primary Arena

CTFs + Live Bug Bounty Programs

Specialization

Authentication and Business Logic

THREE IDENTITIES

Field roles with execution depth

01

Web CTF Player

Rapid recon and payload iteration across XSS, SSRF, template injection, IDOR, and auth bypass chains.

  • Fast attack surface mapping
  • Exploit development under pressure
  • Writeups with reproducible attack paths

02

Web Security Analyst

Deep analysis of exploit viability, blast radius, and business impact with engineering-first remediation guidance.

  • Threat modeling and abuse-case analysis
  • Code-aware risk prioritization
  • Fix validation and retest workflow

03

Bug Bounty Hunter

High-signal vulnerability hunting focused on critical findings, clear impact proof, and responsible disclosure.

  • Impact-first finding triage
  • Proof-of-concept clarity
  • Professional disclosure communication

TACTICAL ARSENAL

Core security capabilities

  • Web Application Security Testing (IDOR, Auth, Access Control)
  • API Security Testing
  • Manual Testing with Burp Suite
  • Subdomain Enumeration and Recon Automation
  • Python-Based Security Tool Development
  • Role-Based Access Control Design
  • Linux Security Testing Environment
  • Git and Project Version Control
  • Business Logic Vulnerability Analysis

Delivery model: threat-driven testing, clear exploit validation, and remediation-ready reporting for engineering teams.

SELECTED OPS

Security operation snapshots

Assessment Practice

OWASP Top 10 Web Security Testing

Performed web application security testing aligned with OWASP Top 10 risk categories, including authentication, access control, injection, and security misconfiguration assessments.


Recon Platform

Maintenance

ZeroStalker - Recon and Surface Mapping Tool

Lightweight reconnaissance engine for security researchers and bug bounty workflows, focused on discovering exposed subdomains, live hosts, and high-value external attack surface.

Automates early-phase recon by collecting public intelligence, filtering active assets, and organizing results into structured output for faster investigation and prioritization.

Built with a modular design for future endpoint discovery, tech fingerprinting, and vulnerability pattern detection integrations.

OPEN FOR SECURITY ENGAGEMENTS

Build fast. Ship safe. Break less.

Available for web application security testing, vulnerability assessments, and offensive security collaborations.