Hi there, I'm Muhammad Khizer Javed 👋
A dedicated and seasoned cybersecurity professional specializing in Bug Bounty Hunting and Penetration Testing.
Hi everyone! My name is Muhammad Khizer Javed. I’m currently working in the cybersecurity sector mainly as a Bug Bounty Hunter and Penetration Tester, performing web/mobile application security assessments and network security assessments.
About Me:
- 🔭 I’m currently working on enhancing web and mobile application security.
- 🌱 I’m currently learning more about digital forensics and advanced penetration testing techniques.
- 👯 I’m looking to collaborate on cybersecurity research and Penetration Testing projects.
- 🤔 I’m looking for help with improving my skills in threat hunting and incident response.
- 💬 Ask me about Bug Bounty Hunting, Penetration Testing, or anything related to cybersecurity.
- 📫 How to reach me: khizerjaved@securitybreached.org
- ⚡ Fun fact: I enjoy playing story-based video games, reading novels, and watching movies/documentaries.
Professional Background:
- Active engagement in Bug Bounty Hunting.
- Experience as a Penetration Tester.
- Recognized by 300+ reputable organizations, including Apple, Google, Facebook, The Government of Singapore, and The US Department of Defense.
- Active contributor and speaker at local universities and security conferences, including BlackHat MEA.
My Blog:
Recent Blog Posts:
- Bug Bounty Blueprint: A Beginner's Guide
  A comprehensive guide for beginners starting their journey in bug bounty hunting. It covers the basics, tools, and methodologies to get you started.
  Snippet: "Starting in bug bounty can be daunting. This guide aims to demystify the process and provide a clear path for beginners..."
- Finding Hidden Threats: How I Found Leaked AWS Credentials in an Android App API Using DAST
  In this blog, I detail the process of discovering leaked AWS credentials in an Android app API using Dynamic Application Security Testing (DAST).
  Snippet: "While testing an Android app, I stumbled upon an exposed API endpoint leaking AWS credentials. Here's how I found and reported it..."
- How I Manipulated My Rank on the Bugcrowd Platform
  An intriguing look into how I was able to manipulate my rank on Bugcrowd's platform, shedding light on platform vulnerabilities.
  Snippet: "By understanding the ranking algorithm, I identified a way to artificially boost my rank. Here's the step-by-step process..."
- Hacking 100K+ Loyalty Programs for Fun and Profit
  Exploring vulnerabilities in loyalty programs and how they can be exploited for significant rewards.
  Snippet: "Loyalty programs often have weak security measures. I uncovered several high-impact vulnerability..."
- Hacking SMS API Service Provider of a Company: Android App Static Security Analysis (Bug Bounty POC)
  A detailed proof-of-concept (POC) on how I performed a static security analysis on an Android app to find vulnerabilities in its SMS API service.
  Snippet: "By conducting a static analysis on the Android app, I identified critical vulnerabilities in the SMS API service provider. Here's how..."
Connect with me: