Learning through bug bounty programs Open to VAPT / Junior Pentester roles

Security researcher.
Bug bounty hunter.
Aspiring pentester.

I'm Sai — a Computer Science student specializing in Cyber Security. This is where I document how I test, break, and understand web applications, on the way to a career in VAPT and penetration testing.

about

How I got here

I started learning web application security the slow way — from zero, through PortSwigger's Web Security Academy and Burp Suite, working through SQL injection, XSS, authentication flaws, and access control fundamentals one lab at a time.

From there I moved to live testing: running structured bug bounty campaigns against public programs, methodically working through attack surfaces — IDOR, JWT and session confusion, SSRF, SSO isolation issues, and injection points — and treating a clean result as valuable data, not a dead end.

I'm currently building toward a career in VAPT (Vulnerability Assessment & Penetration Testing), aiming for junior penetration tester roles where I can apply that same methodical testing approach professionally.

Focus
Web App Pentesting · VAPT · Bug Bounty
Trained on
PortSwigger Web Security Academy
Aiming for
Junior Penetration Tester roles
focus areas

What I test and build with

🛡️

VAPT Methodology

Structured, repeatable vulnerability assessment and testing workflows.

🕸️

Web App Pentesting

OWASP Top 10, auth & access control, injection, SSRF.

🎯

Bug Bounty Hunting

Live testing on public programs, methodical and documented.

🔧

Burp Suite

Proxy-based manual testing, repeater, intruder workflows.

🔍

OSINT

Reconnaissance and information gathering as a first step, not an afterthought.

🌐

Network Fundamentals

TCP/IP, addressing, and the plumbing security testing depends on.

🐍

Python Tooling

Scripting for reconnaissance and testing — including a multithreaded port scanner.

📝

Documentation

Writing up methodology, not just findings — the process is the point.

journey

The path so far

Foundations

PortSwigger Web Security Academy

Worked through SQL injection, XSS, authentication, and access control from first principles using Burp Suite.

First build

Multithreaded Python port scanner

Built a foundational reconnaissance tool to understand what testing tools are actually doing under the hood.

Live testing

Structured bug bounty campaigns

Ran full-scope testing passes on public programs — IDOR, JWT confusion, SSRF, SSO isolation, and injection points — with documented methodology.

Now

Working toward VAPT & junior pentester roles

Continuing coursework in Cyber Security while applying to internships and entry-level penetration testing opportunities.

Let's talk

For internships, VAPT/pentesting opportunities, or questions about a write-up — email is the best way to reach me.

contact@sai-dev.me

This domain is kept intentionally separate from my personal profiles.