Passionate about discovering and responsibly disclosing security vulnerabilities in modern web applications through real-world bug bounty and vulnerability disclosure programs.
I specialize in web application security testing with a strong focus on reconnaissance, attack surface mapping, vulnerability assessment, and responsible disclosure. I approach every target with a researcher's mindset — not just scanning, but understanding how the application works and where it breaks.
Actively exploring security programs on YesWeHack, Bugcrowd, and HackerOne.
With a solid foundation in networking, Linux, operating systems, and cryptography, I enjoy going deep into how systems are built — because understanding systems is the first step to breaking them responsibly.
Security & Offensive Testing: Web Application Security · Vulnerability Assessment & Analysis · Reconnaissance & Enumeration · OSINT & Attack Surface Discovery · API Security Testing
Tools: Burp Suite · Nmap · Nuclei · Metasploit · Subfinder · httpx · ffuf · gobuster · Waybackurls · gau · katana
Systems & Development: Kali Linux · Ubuntu · Networking & OS Fundamentals · Python · Bash Scripting · Git & GitHub
- Hunting real-world vulnerabilities across active bug bounty programs
- Deepening expertise in web application and API penetration testing
- Building recon automation tools to improve testing efficiency
- Writing and publishing technical security research publicly
- Working toward professional red teaming and OSCP certification
I believe in learning in public. Everything I discover, report, and build gets documented — on GitHub and on LinkedIn. This profile is a live record of that journey.
🔗 linkedin.com/in/rishurana2867
"Security is not just finding vulnerabilities — it's understanding systems deeply enough to think beyond their intended behavior."