Muhammad Zeeshan

Web Penetration Tester & Bug Bounty Hunter

Securing Web Applications | Finding Critical Vulnerabilities

Get In Touch View Skills

Professional Stats

500+
Vulnerabilities Found
100+
Security Reports
50+
Companies Secured
3+
Years Experience

Core Expertise

💉Vulnerability Specialization

  • SQL Injection (SQLi)
  • Insecure Direct Object Reference (IDOR)
  • Access Control Vulnerabilities
  • Cross-Site Scripting (XSS)
  • Server-Side Request Forgery (SSRF)
  • Authentication & Session Management
  • Business Logic Flaws
  • Insecure Deserialization

🛡️Web Application Security

  • OWASP Top 10 Testing
  • API Security Assessment
  • REST & GraphQL API Testing
  • JWT Token Exploitation
  • OAuth & SSO Security
  • File Upload Vulnerabilities
  • XML External Entity (XXE)
  • Race Conditions

🏆Bug Bounty Platforms

  • Bugcrowd (Active Hunter)
  • HackerOne
  • Intigriti
  • Synack
  • YesWeHack
  • Private Programs
  • Responsible Disclosure
  • CVE Contributions

🔧Tools & Technologies

  • Burp Suite Professional
  • OWASP ZAP
  • SQLMap & SQL Injection Tools
  • Metasploit Framework
  • Nmap & Nessus
  • Nikto & Dirbuster
  • Custom Python Scripts
  • Postman & Insomnia

💻Programming & Scripting

  • Python (Automation & Exploits)
  • JavaScript & Node.js
  • Bash Scripting
  • PHP Code Analysis
  • SQL Database Knowledge
  • RegEx Pattern Matching
  • Git & Version Control
  • Linux Command Line

🎯Advanced Techniques

  • Bypassing WAF & Security Controls
  • Server-Side Template Injection
  • NoSQL Injection
  • LDAP Injection
  • HTTP Request Smuggling
  • CORS Misconfiguration
  • Subdomain Takeover
  • Cache Poisoning

Hall of Fame

🚀

NASA

nasa.gov
Acknowledged
✈️

Air Canada

aircanada.com
Acknowledged
🌐

TNSI

tnsi.com
Acknowledged
💼

Rozee.pk

rozee.pk
Acknowledged
💳

JazzCash

jazzcash.com.pk
Acknowledged

Let's Connect

📧

Email

ranazeeshanbbh@gmail.com
🎯

Bugcrowd Profile

bugcrowd.com/h/rana_zeeshan