Shehzad Ali

Shehzad Ali Passport: DY- Date of birth: 20/05/2002 Nationality: Pakistani Gender: Male Place of birth: Swabi, Pakistan Phone number: (- (Mobile) Email address:-Address: Town Yaqubi, Province Khyber Pakhtunkhwa, Pakistan, 23200, Swabi, Pakistan (Home) ABOUT ME I am a cybersecurity expert with 4+ years of experience in penetration testing, vulnerability assessments, and bug bounty hunting. I specialize in securing web applications, mobile apps, APIs, and cloud environments. As a Security Researcher at Secure Purple and part-time bug bounty hunter on HackerOne, I've identified critical vulnerabilities across various platforms. My goal is to become a Cyber Security Engineer, focusing on computer security research to stay ahead of emerging threats and contribute to securing the digital world. WORK EXPERIENCE 01/01/2023 – CURRENT Islamabad, Pakistan CYBER SECURITY RESEARCHER SECURE PURPLE • Conducted comprehensive security assessments for Web applications, Mobile apps, Desktop apps, Networks, APIs, AI/LLM systems, and cloud infrastructures. • Performed in-depth manual penetration testing to identify and exploit vulnerabilities effectively. • Delivered detailed vulnerability analyses and risk assessments, enhancing clients' overall security posture. • Leveraged expertise to identify critical vulnerabilities and guide the implementation of robust security measures. • Researched emerging vulnerabilities and applied findings to real-world target applications, driving innovation in security testing methodologies. 01/09/2024 – 30/03/2025 Peshawar, Pakistan PENETRATION TESTER KPIT BOARD Worked as a Penetration Tester at KPIT Board Peshawar, identifying security vulnerabilities in web applications, mobile apps, and networks. Gained valuable experience in penetration testing, cyber security assessments, and project management while collaborating with professionals in the government sector. 01/06/2021 – CURRENT San Francisco, United States SECURITY RESEARCHER HACKERONE I am working as a part-time Security Researcher on HackerOne, identifying security vulnerabilities across various applications, including network security, web applications, and more. My focus is on uncovering and reporting critical security flaws to help organizations strengthen their security posture EDUCATION AND TRAINING 01/08/2020 – 30/08/2024 Mansehra, Pakistan BS IN COMPUTER SCIENCE Hazara University Mansehra During my 4 years in BSCS, I gained comprehensive knowledge in computer science, covering areas such as Networking, Operating Systems, Databases, AI, Software Development and Programming. This foundational education equipped me with essential technical skills and a deep understanding of computer systems, which I’ve applied throughout my cybersecurity career. Website http://hu.edu.pk/contact-us Field of study Computer Science Final grade 3.54 DIGITAL SKILLS WEB APP PENETRATION TESTING Mobile application penetration testing Thick client penetration testing API penetration testing Vulnerability Assessment Network Security IT Security cyber security managment Ethical Hacking Python Linux (main OS) Languages : C++,C, Java, Python, JavaScript, C. 1/3 PROJECTS Final Year Project 2024 During my BSCS journey, I developed a penetration testing tool to automate web application security assessments, identifying vulnerabilities like XSS, SQLi, and misconfigurations to enhance security testing efficiency. XSS Finder – Mini Project Developed a tool for bug bounty hunters and security professionals to quickly identify XSS vulnerabilities on target websites. This tool automates payload injection and detection, enhancing the efficiency of web application security testing. Link https://github.com/Shehzadcyber/XSS-Finder CERTIFICATIONS Certified AppSec Pentester (CAPen) Demonstrated expertise in application security by successfully passing the CAPen certification exam, validating skills in identifying and mitigating security vulnerabilities in web and mobile applications. Certified API Security Analyst (CASA) Validated expertise in API penetration testing by earning the CASA certification from apisecuniversity, demonstrating skills in identifying and securing API vulnerabilities against modern threats. Link https://www.credly.com/badges/612fd15a-019b-4536-80e8-edd4f9e1edea ASCP (API Security Certified Professional) – In Progress Pursuing one of the most challenging API penetration testing certifications, focusing on advanced techniques to identify, exploit, and secure API vulnerabilities. Certified AppSec Practitioner (CAP) Earned certification validating expertise in application security, covering secure coding, vulnerability assessment, and remediation strategies. Mobile Application Pentesting (TCM) Successfully completed this course, gaining hands-on experience in identifying and exploiting security vulnerabilities in mobile applications. Practical Ethical Hacking (TCM) Completed this course, developing strong foundational and advanced skills in ethical hacking, penetration testing, and cybersecurity methodologies. LANGUAGE SKILLS Mother tongue(s): URDU Other language(s): UNDERSTANDING ENGLISH Listening Reading C1 C2 SPEAKING WRITING Spoken production Spoken interaction C2 C1 C2 Levels: A1 and A2: Basic user; B1 and B2: Independent user; C1 and C2: Proficient user MANAGEMENT AND LEADERSHIP SKILLS Cyber Security Lead 2/3 Cyber Security Lead at CyberPashto for the CyberPashto Fellowship Program (CPFP) 2025, responsible for training and mentoring students in cybersecurity. Conduct cybersecurity courses and guide aspiring students in ethical hacking and penetration testing. Link https://cyberpashto.com/ CONFERENCES AND SEMINARS 27/02/2025 APISEC|CON 2025 Link https://www.credly.com/badges/b4ed29c6-e935-41a8-92cb-4900e28fdf52/public_url HONOURS AND AWARDS 26/11/2024 CTF Competition – BlackHat MEA As part of KP Cyber Warriors Team, Led the team to the final round of the BlackHat MEA 2024 CTF in Riyadh, where we successfully solved advanced cybersecurity challenges, demonstrating strong problem-solving and teamwork skills in a highly competitive environment. Link https://flagyard.com/profile/hunter313 2nd Runner Up at Ignite Cyber Security Hacktahon 2024 – Ignite Achieved 2nd Runner Up position at the Ignite Digital Pakistan Cyber Security Hackathon 2024 Peshawar Round, showcasing strong problem-solving and technical skills in tackling complex cybersecurity challenges. Link https://cyberhackathon.pk/ 05/11/2023 1st Position Holder at Cybersecurity Workshop – Ignite Achieved 1st position in a 5-day cybersecurity training workshop held at Pak-Austria Fachhochschule Institute of Applied Sciences and Technology Haripur, demonstrating excellence in cybersecurity concepts, hands-on skills, and problem-solving. HOBBIES AND INTERESTS Personal Interests & Activities • Solving CTF (Capture The Flag) challenges • Contributing to open-source security projects • Attending networking and security conferences 3/3