Penetration Tester • VAPT Analyst • API Security Researcher • Offensive Security Specialist



Offensive Security Engineer
Web & API Exploitation Specialist

Identifying Critical Vulnerabilities Before Attackers Do.
Specializing in OWASP Top 10 & OWASP API Security Top 10.

LET'S Connect!

3+ Critical (P1) Vulnerabilities Reported

10+ Web & API Security Assessments Performed


Who Am I?

I’m Gaurav Dnyaneshwar Dupare, a Penetration Tester and API Security Researcher based in Maharashtra, India.
I specialize in Web Application and API Security, focusing on OWASP Top 10 and OWASP API Security Top 10 vulnerabilities including
Authentication Bypass, IDOR (BOLA), Broken Access Control, and Path Traversal.

Critical Vulnerabilities Identified

  • Unauthenticated Path Traversal – Arbitrary file read
  • Authentication Bypass – Admin API exposure
  • Broken Object Level Authorization (IDOR/BOLA) – Privilege escalation

My expertise includes manual vulnerability discovery, access control analysis,
session management testing, reconnaissance, and lab-based post-exploitation.
I am actively seeking entry-level roles in Penetration Testing, VAPT, Red Teaming, and API Security.


Vulnerability Research

Real-world vulnerability discoveries & coordinated disclosures

Critical Unauthenticated Path Traversal (P1)

Identified a critical unauthenticated directory traversal vulnerability allowing arbitrary file read and potential server compromise.

  • Sensitive data exposure
  • Server-side file access
  • High severity impact (P1)

Status: Responsibly disclosed through coordinated vulnerability disclosure program.
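The class of bug described above, as an added illustration that is not the author's code or taken from the affected target: a file-serving function that joins user input onto a document root unchecked, beside the hardened version that canonicalises the path and verifies it stays inside the root. The two temporary directories, the file names and the traversal payload are constructed for the example.

```python
import os
import tempfile

# Constructed lab layout (assumption): one directory the application is meant to
# serve files from, and a second directory holding a file it must never expose.
DOC_ROOT = tempfile.mkdtemp(prefix="docroot_")
OUTSIDE_DIR = tempfile.mkdtemp(prefix="outside_")
with open(os.path.join(DOC_ROOT, "manual.txt"), "w") as fh:
    fh.write("public manual\n")
SECRET_PATH = os.path.join(OUTSIDE_DIR, "secret.txt")
with open(SECRET_PATH, "w") as fh:
    fh.write("top secret\n")

# Traversal payload that walks from DOC_ROOT to the secret, e.g. "../outside_x/secret.txt".
TRAVERSAL_PAYLOAD = os.path.relpath(SECRET_PATH, DOC_ROOT)


def read_file_vulnerable(filename: str) -> str:
    """Deliberately vulnerable: user input is joined onto the root unchecked.
    '../' segments walk out of DOC_ROOT, and an absolute path replaces it entirely
    (os.path.join discards everything before an absolute component)."""
    path = os.path.join(DOC_ROOT, filename)
    with open(path) as fh:
        return fh.read()


def read_file_hardened(filename: str) -> str:
    """Canonicalise the requested path, then require it to stay under DOC_ROOT.
    realpath() collapses '..' and resolves symlinks before the containment check,
    so the check is made on the file that would actually be opened."""
    root = os.path.realpath(DOC_ROOT)
    path = os.path.realpath(os.path.join(root, filename))
    if os.path.commonpath([root, path]) != root:
        raise PermissionError(f"request escapes document root: {filename!r}")
    with open(path) as fh:
        return fh.read()


def is_blocked(filename: str) -> bool:
    """True when the hardened reader refuses the request."""
    try:
        read_file_hardened(filename)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable, traversal :", read_file_vulnerable(TRAVERSAL_PAYLOAD).strip())
    print("vulnerable, absolute  :", read_file_vulnerable(SECRET_PATH).strip())
    print("hardened,   traversal :", "blocked" if is_blocked(TRAVERSAL_PAYLOAD) else "leaked")
    print("hardened,   absolute  :", "blocked" if is_blocked(SECRET_PATH) else "leaked")
```

When testing a real target, the same two payload shapes (a `../` chain and an absolute path) against every parameter that names a file are the first probes to send; a response containing content from outside the web root confirms the finding.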

Authentication Bypass & Admin API Exposure

Discovered a critical authentication bypass vulnerability exposing protected admin API endpoints and sensitive user data.

  • Full user database exposure
  • Credential and token leakage
  • Administrative privilege compromise

Status: Exploit validated and responsibly reported.

IDOR / BOLA Privilege Escalation

Identified a Broken Object Level Authorization (IDOR/BOLA) vulnerability allowing unauthorized privilege escalation by substituting object identifiers in API requests.

  • Horizontal & vertical access control bypass
  • Unauthorized data modification
  • Authorization logic flaw

Status: Demonstrated exploitation and reported responsibly.
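To make the BOLA finding concrete, here is an added example (not the author's code or the target's): an object-read endpoint that authenticates the caller but never checks ownership, the hardened version that authorises per object, and the enumeration probe a tester would run against both. The invoice records, tokens and admin account are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Invoice:
    id: int
    owner: str
    total: float


# Constructed sample data (assumption): two users' invoices, a bearer-token table
# and one admin account. A real app would hold these in a database and session store.
INVOICES = {
    101: Invoice(101, "alice", 40.0),
    102: Invoice(102, "bob", 99.5),
}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob", "tok-admin": "admin"}
ADMINS = {"admin"}

Response = Tuple[int, Optional[Invoice]]


def get_invoice_vulnerable(token: str, invoice_id: int) -> Response:
    """Deliberately vulnerable: checks that the caller is logged in, but never checks
    that the requested object belongs to the caller (OWASP API Top 10 API1: BOLA)."""
    user = SESSIONS.get(token)
    if user is None:
        return 401, None
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        return 404, None
    return 200, invoice


def get_invoice_hardened(token: str, invoice_id: int) -> Response:
    """Authorise per object: only the owner or an admin may read it. Foreign and
    missing objects get the same 404 so a caller cannot enumerate which IDs exist."""
    user = SESSIONS.get(token)
    if user is None:
        return 401, None
    invoice = INVOICES.get(invoice_id)
    if invoice is None or (invoice.owner != user and user not in ADMINS):
        return 404, None
    return 200, invoice


def probe_idor(endpoint, token: str, candidate_ids) -> list:
    """Tester's view: replay one session's token across a range of object IDs and
    report every ID the endpoint serves. Any ID not owned by that session is a finding."""
    return [i for i in candidate_ids if endpoint(token, i)[0] == 200]


if __name__ == "__main__":
    ids = range(100, 105)
    print("vulnerable, bob's token:", probe_idor(get_invoice_vulnerable, "tok-bob", ids))  # [101, 102]
    print("hardened,   bob's token:", probe_idor(get_invoice_hardened, "tok-bob", ids))    # [102]
    print("hardened,   admin token:", probe_idor(get_invoice_hardened, "tok-admin", ids))  # [101, 102]
```

The horizontal case is Bob reading Alice's invoice; the vertical case is the same probe run with a low-privilege token against IDs that only an admin should see. Both collapse to one missing check: the object's owner is never compared with the session's user.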


Security Projects

Hands-on offensive security tools, automation, and lab-based research


Web Vulnerability Scanner

Developed a modular web application security scanner capable of detecting critical OWASP Top 10 vulnerabilities using automated analysis techniques.

  • XSS Detection
  • SQL Injection (Boolean & Error-based)
  • NoSQL Injection
  • Command Injection
  • Broken Access Control Testing
  • Multi-threaded endpoint crawler
  • Automated professional PDF reporting

Tech Stack: Python, Flask, Security Automation
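An added example of the two SQL injection checks the scanner description names (error-based and boolean-based), written here for illustration and not taken from the project. It stands in for a live HTTP endpoint with an in-memory SQLite search function, one deliberately injectable and one parameterised, so the detection logic can be exercised offline; the table contents and the endpoint names are constructed.

```python
import sqlite3

# Constructed target (assumption): an in-memory product search standing in for a
# live endpoint. search_vulnerable builds SQL by string formatting; search_safe
# uses a parameterised query.
_conn = sqlite3.connect(":memory:", check_same_thread=False)
_conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
_conn.executemany("INSERT INTO products (name) VALUES (?)",
                  [("apple",), ("banana",), ("cherry",)])


def search_vulnerable(q: str):
    """Deliberately vulnerable: user input is formatted straight into the statement."""
    sql = f"SELECT name FROM products WHERE name = '{q}'"
    try:
        rows = _conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return 500, f"Database error: {exc}"
    return 200, "\n".join(r[0] for r in rows)


def search_safe(q: str):
    """Parameterised query: input can never change the statement's structure."""
    rows = _conn.execute("SELECT name FROM products WHERE name = ?", (q,)).fetchall()
    return 200, "\n".join(r[0] for r in rows)


def detect_error_based(endpoint, base_value: str) -> bool:
    """A lone quote breaks the statement; a 5xx status or database error text in
    the body is the signal."""
    status, body = endpoint(base_value + "'")
    return status >= 500 or "database error" in body.lower() or "syntax" in body.lower()


def detect_boolean_based(endpoint, base_value: str) -> bool:
    """Compare the baseline response with the responses to an always-true and an
    always-false condition appended to the same value. Injection is likely when the
    true payload reproduces the baseline and the false payload does not. base_value
    must return content of its own, otherwise baseline and false response are both
    empty and the check cannot distinguish them."""
    _, baseline = endpoint(base_value)
    _, body_true = endpoint(base_value + "' AND '1'='1")
    _, body_false = endpoint(base_value + "' AND '1'='2")
    return body_true == baseline and body_false != baseline


def scan(endpoint, base_value: str) -> dict:
    """Run both checks and return findings in the shape a report generator would consume."""
    return {
        "error_based": detect_error_based(endpoint, base_value),
        "boolean_based": detect_boolean_based(endpoint, base_value),
    }


if __name__ == "__main__":
    print("vulnerable:", scan(search_vulnerable, "apple"))  # both True
    print("safe:      ", scan(search_safe, "apple"))        # both False
```

Against a real target the endpoint callable would wrap an HTTP request and return the status code and body; the boolean check is the one that survives when error messages are suppressed, which is why a scanner needs both.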

Phishing URL Detection System

Built an end-to-end phishing detection system leveraging feature engineering and machine learning models for real-time threat detection.

  • URL feature engineering
  • Character-level TF-IDF extraction
  • Logistic Regression & Random Forest models
  • Flask-based deployment for live prediction

Tech Stack: Python, Scikit-learn, Flask

Network & System Security Toolkit

Developed multiple educational security tools in a controlled lab environment to understand network exploitation techniques and defensive analysis.

  • Network Scanner
  • MAC Address Changer
  • ARP Spoofer & DNS Spoofer (Lab-based)
  • Packet Sniffer
  • File Interceptor & Code Injector (Simulation)
  • Spoof Detection Utility

Environment: Kali Linux Lab Setup

Malware Research (Educational Lab)

Conducted controlled laboratory research to understand malware behavior, persistence mechanisms, and detection techniques.

  • Keylogger simulation
  • Backdoor mechanism analysis
  • Malware packaging & evasion study

Note: All research conducted ethically in isolated lab environments.

Technical Skills

Offensive security expertise & development stack

Offensive Security

Penetration Testing • VAPT • Red Teaming • Reconnaissance • Post-Exploitation • Privilege Escalation • OSINT

Web & API Security

OWASP Top 10 • OWASP API Security Top 10 • IDOR / BOLA • Authentication Bypass • Broken Access Control • SQL Injection • XSS • CSRF • Path Traversal

Network Security

Nmap • ARP Spoofing • DNS Spoofing • Packet Analysis • Wireshark • MAC Address Manipulation • Network Enumeration

Security Tools

Burp Suite • OWASP ZAP • Nmap • Metasploit • Nikto • SQLMap • Wireshark • Dirsearch

Full Stack Development

Frontend: HTML • CSS • JavaScript
Backend: Python (Flask) • PHP
Database: MySQL
API Development & Integration

Programming

Python • Java • C • C++ • Bash • MATLAB
Libraries: Scikit-learn
