Danish Abbas

@danishabbas7214

Web App Pentester, Bug Bounty Hunter, Vulnerability Assessment Expert

Pakistan
English
About me
Results-driven Penetration Tester & Bug Bounty Hunter with 2+ years of experience. Reported 100+ valid vulnerabilities on YesWeHack & Bugcrowd. I specialize in web app and API security testing against OWASP Top 10 — XSS, SQLi, IDOR, and Auth Bypass. Backed by 100+ labs on HTB, TryHackMe & PortSwigger. Tools: Burp Suite, Nmap, Metasploit & Python. My goal is to help you find security gaps before attackers do. CEH | eCPPT | eJPT | ISC2 CC | OT Security Expert | Qualys | Google Certified...

See my services

Programming & Tech
I will conduct professional penetration testing on your web app
Programming & Tech
I will perform a web application vulnerability assessment

Work experience

Security Researcher & Penetration Tester

YesWeHack • Part-time

Jan 2025 - Present • 1 yr 4 mos

Most security issues aren’t discovered through advanced zero-day attacks — they’re usually caused by misconfigurations, overlooked inputs, and broken access controls that slip through development. My goal is to find those weaknesses before attackers do.

I’m a cybersecurity researcher and penetration tester, specializing in web application security, mobile application security, API security, and vulnerability discovery. I have actively hunted vulnerabilities on YesWeHack and Bugcrowd, responsibly reporting real-world issues such as Insecure Direct Object Reference, Cross-Site Scripting (Stored & Reflected), SQL Injection, and authentication bypass vulnerabilities in production applications.

My testing methodology follows the complete penetration testing lifecycle: reconnaissance, enumeration, exploitation, post-exploitation, and reporting. I use professional tools such as Burp Suite, Nmap, Metasploit, OWASP ZAP, and Wireshark, along with custom Python scripts to automate reconnaissance and improve testing efficiency. Every assessment I perform aligns with the OWASP Top 10 and includes CVSS-scored findings, proof-of-concept reproduction steps, and clear remediation guidance to help teams fix vulnerabilities quickly.

In addition to bug bounty work, I have completed 100+ security labs on Hack The Box, TryHackMe, and the PortSwigger Web Security Academy, covering web exploitation, privilege escalation, network enumeration, and SOC analysis. I hold a B.S. in Software Engineering, giving me a strong understanding of how modern applications are designed and where developers unintentionally introduce security risks.

Certifications: CEH | eCPPT | eJPT | ISC2 CC | OT Security Expert | Qualys Certified Specialist | Google Certified.

I test methodically, communicate clearly, and deliver reports your team can act on. If you want security done right — let’s work together.