Nahid Miah

penetration testing

phpcreation.inc • Freelance

Sep 2025 - Sep 2025 • 0 mos

Experienced cybersecurity specialist with over 6+ years of hands-on experience in web application penetration testing and vulnerability research. Actively involved in responsible disclosure and bug bounty programs. Key Responsibilities & Achievements: Conducted comprehensive Web Application Penetration Testing following OWASP methodology (OWASP Top 10). Identified and responsibly disclosed multiple vulnerabilities including: SQL Injection (SQLi) Stored & Reflected XSS Server-Side Template Injection (SSTI) HTML Injection Authentication & 2FA bypass issues Session misconfiguration & IDOR Reported vulnerabilities to major platforms including Google (including 2FA bypass findings). Performed security assessments on WordPress, eCommerce (PrestaShop), and custom PHP applications. Experienced in backend API security testing (REST & GraphQL). Conducted authentication & CAS login security testing automation using Python and GitHub Actions. Skilled in source code review for vulnerability identification. Performed subdomain enumeration and DNS reconnaissance using tools like puredns. Prepared professional security reports with structured findings, impact analysis, and remediation guidance. Technical Skills: Burp Suite, Nmap, SQLMap, FFUF, Python automation, Linux, GitHub Actions, REST/GraphQL API testing, Cloud security basics (AWS).