
Web Application Security

Location:
Clifton, NJ
Posted:
May 28, 2025


Resume:

Naresh Kandula

203-***-**** # *****************@*****.***

linkedin.com/in/naresh-kandula1337 | github.com/NOTTIBOY137 | hackerone.com/kandula | New Jersey

Professional Summary

Cybersecurity expert and ethical hacker with proven success identifying 100+ critical, high and medium vulnerabilities for global organizations through HackerOne since 2021. Master’s in Cybersecurity from Sacred Heart University. Developer of custom automation tools that streamline security assessments and reduce false positives. Shares industry insights through technical blogs on emerging threats and best practices. Committed to advancing cybersecurity through hands-on expertise and innovative solutions.

Skills & Expertise

Vulnerability Assessment: Web Application Security, Cloud Security, API Security Testing, OWASP Top 10, MITRE ATT&CK Framework

Security Tools: Burp Suite, OWASP ZAP, Metasploit, Nmap, Kali Linux, WPScan, Nuclei, Snort, Wireshark, Acunetix

Programming & Scripting: Python (for security automation), Bash, JavaScript, SQL (for injection testing)

Methodologies: Secure SDLC, DevSecOps Integration, Bug Bounty Hunting, Penetration Testing

Investigation: Open-source Intelligence (OSINT), False Positive Reduction Techniques, Threat Analysis

Soft Skills: Technical Documentation, Security Report Writing, Vulnerability Disclosure Communication, Problem-solving

Experience

HackerOne Programs 2021 – Present

Ethical Hacker / Bug Bounty Hunter Remote

– Identified and reported 100+ critical vulnerabilities across public, private bug bounty programs and VDPs

– Developed custom automation tools to streamline vulnerability detection and reduce false positives

– Discovered critical CSRF vulnerability in a private bug bounty program's authentication system leading to account takeover

– Collaborated with security teams through multiple validation stages to ensure proper understanding and remediation

– Created and submitted detailed proof-of-concept using Burp Suite to demonstrate security impacts

Achievements

– Ranked in top 15% of ethical hackers on HackerOne platform based on impact and quality of vulnerability reports

– Recognized by multiple Fortune 500 companies for responsible disclosure of critical security vulnerabilities

– Developed a custom Python-based security scanning tool that reduced false positives by 40% compared to standard tools

– Published technical blog posts on emerging cybersecurity threats with over 10,000 combined views

– Invited speaker at university cybersecurity workshops, sharing insights on ethical hacking methodologies

Notable Bug Bounty Achievement

CSRF Vulnerability Leading to Account Takeover July 2021

– Identified a critical vulnerability in password reset functionality that allowed complete account takeover

– Created and submitted detailed proof-of-concept using Burp Suite to demonstrate the security impact

– Collaborated with security teams through multiple validation stages to ensure proper understanding and remediation

– Received $2,000 bounty recognition for responsible disclosure and detailed reporting

– Skills Applied: Web Application Security, CSRF Exploitation, Authentication Bypass, Burp Suite, Technical Documentation

University Projects

CTF Challenge: Boot-to-Root Mastery & Scoring Server March 2025

– Designed and deployed a comprehensive Capture The Flag (CTF) challenge on AWS EC2 using Ubuntu/Linux LAMP stack

– Developed a custom vulnerable WordPress environment with intentional security flaws (LFI, SQLi, XSS) to simulate real-world attack scenarios

– Engineered a Python/Flask-based scoring server that securely validates flag submissions and provides real-time tracking

– Implemented testing methodologies using industry tools including Nmap, WPScan, ffuf, and Burp Suite alongside custom automation scripts

– Created an educational platform that bridges theoretical security concepts with practical application for ethical hacking training

– Technologies: Ubuntu, Apache, MySQL/MariaDB, WordPress, Python, Flask, AWS EC2, Penetration Testing Tools

IDS and IPS Implementation Using Snort: Testing and Validation March 2024

– Enhanced network security by deploying and configuring an Intrusion Detection and Prevention System (IDS/IPS) utilizing Snort with custom rules and Wireshark, increasing detection rate by 80%

– Implemented real-time Snort-based traffic monitoring, resulting in a 98% reduction in successful attacks

– Achieved 99% IDS/IPS accuracy through rigorous hping-based penetration testing

Education

Sacred Heart University Expected April 2025

Master of Cyber/Computer Forensics and Counterterrorism Fairfield, CT

Relevant Coursework: Network security, Cryptography, Digital forensics, Ethical hacking, Vulnerability management, SIEM, Splunk, Cloud Security (AWS).

Certifications

Web Application Security and Penetration Testing (05/2019 - 07/2019) - Cognizance IIT Roorkee

Ethical Hacking and Cyber Security (07/2019 - 12/2019) - Cognizance IIT Roorkee
