Aman Singh

Objective

A highly motivated and skilled pentester and bug bounty hunter with hands-on experience in web application security, vulnerability testing, and ethical hacking. Seeking a position to leverage my skills and knowledge in a Product Security Analyst role to contribute to securing digital platforms and enhancing security protocols.

Skills

• Proficient in manual and automated security testing tools like Burp Suite, Nmap, SQL, TOR, Wireshark, Splunk and Wazuh.
• Expertise in identifying vulnerabilities like XSS, SQL Injection, Remote Code Execution, and Security Misconfigurations.
• Experienced in submitting bugs on bug bounty platforms like HackerOne and BugCrowd.
• Knowledge of network security and vulnerability scanning.
• Proficient in Python, Bash, JavaScript, and basic scripting for automating security tests.
• Expertise in OWASP Top 10 vulnerabilities and remediation.
• Understanding of DevSecOps practices for integrating security into the development lifecycle.

Experience

• Bug Bounty Hunter - Freelance (July 2020 – Present)
  • Conducted vulnerability assessments and penetration tests on various applications.
  • Reported and tracked findings through bug bounty platforms on HackerOne.
  • Prioritized vulnerabilities based on severity and impact to assist clients in mitigating risks.
  • Performed penetration testing on web applications, networks, and mobile applications for small businesses.
  • Used tools like Burp Suite, Nikto, and Nmap to identify security vulnerabilities.
  • Generated comprehensive reports and recommendations for enhancing security measures.
  • Delivered client presentations on vulnerabilities found and risk mitigation strategies.

Technical Proficiency

• Networking & TCP/IP (3+ years): Identifying network-based attack vectors.
• Web App Pentesting (4 years): OWASP Top 10 focus, real bugs on HackerOne and Bugcrowd.
• Burp Suite (3+ years):Manual testing, Repeater, Intruder and Scanner
• Nmap (3+ years): Network enumeration, service detection, Port Scanning.
• Splunk (1 year): Log analysis and Security Monitoring.
• Wazuh (1 year): Host-based intrusion detection and Log Correlation.
• Tor (2 years): Anonymous browsing and traffic obfuscation for research and testing.
• Wireshark (2 years): Packet analysis for traffic inspection and troubleshooting.
• SQL (2 years): Manual query crafting for SQL injection testing and data retrieval.
• Python (3 years): Automation scripts, simple exploits, parsing tools for bug bounty hunting.
• JavaScript (2 years): XSS payloads, client-side logic during pentests.
• Bash/Shell (2 years): Automated enumeration, scanning, system tasks in Kali Linux.

Projects

• Vault Repository[GitHub] – Created Cybersecurity Vault containing Real-World use of Tools and Techniques for Testing.

Latest Medium Posts

Education

Class 12 (Science, Math, Computer Science) - CBSE, India (Passed: 2024)

Languages

• English: Proficient
• Hindi: Native

Interests

• Ethical Hacking
• Cybersecurity Research
• Bug Bounty Hunting
• Networking and Technology