dalimbevishal@gmail.com

VISHAL DALIMBE

Web Application Penetration Tester with nearly 2 years of hands-on bug bounty experience. Expert in OWASP Top 10, attack surface mapping, and responsible disclosure on HackerOne & Bugcrowd.

// 01

ABOUT ME

I'm a Web Application Penetration Tester specializing in bug bounty research with nearly 2 years of real-world experience on HackerOne and Bugcrowd platforms.

My work spans end-to-end penetration testing on production targets — identifying authorization issues, IDORs, input validation flaws, CORS misconfigurations, and business logic vulnerabilities through structured reconnaissance and attack surface mapping.

I build custom Python automation tooling to accelerate recon workflows and author professional vulnerability reports with PoC, impact assessment, and remediation guidance.

Alongside offensive security, I have foundational experience in SOC operations, SIEM monitoring, and cloud security across AWS and Azure environments.

HackerOne · Bugcrowd · Clipp3rX

~2 Years Exp · 30+ Tools · 7+ Certs · 3+ Projects
// 02

CORE SKILLS

Web Security
OWASP Top 10 · Bug Bounty · Pentest · IDOR · XSS · SQLi · CSRF · SSRF · CORS · Auth Flaws · Business Logic · Vuln Assessment

SOC / Defense
SOC Monitoring · SIEM Fundamentals · Log Analysis · Incident Triage · Alert Analysis

Networking
TCP/IP · DNS · HTTP/HTTPS · Network Security · Linux · Bash · Python

Recon Tools
Subfinder · Assetfinder · Amass · HTTPX · Katana · Waybackurls · Gau · ParamSpider · Arjun · Naabu · Masscan · RustScan

Attack Tools
Burp Suite · Burp Collaborator · Caido · OWASP ZAP · Nikto · Nuclei · FFUF · Dirsearch · Gobuster · SQLmap · Dalfox · WPScan · TestSSL · Metasploit · Nmap · Netcat · Postman · JWT Tooling

AWS Cloud
EC2 · S3 · IAM · VPC · Lambda · CloudWatch · CloudTrail · RDS · Route 53 · ELB · Security Groups

Azure Cloud
Virtual Machines · Azure AD · Storage Accounts · VNets · NSGs · Azure Monitor · Security Center · App Services

// 03

EXPERIENCE

Bug Bounty
Independent Researcher
@ HackerOne · Bugcrowd
Self-Directed · Remote · ~2 Years
  • Performed end-to-end web application penetration testing on real-world production targets under responsible disclosure programs.
  • Identified and reported authorization issues, IDORs, input validation flaws, CORS misconfigurations, and business logic vulnerabilities.
  • Conducted structured reconnaissance and attack surface mapping using automated and manual techniques.
  • Developed custom Python automation scripts to streamline recon, parameter discovery, and testing workflows.
  • Authored professional vulnerability reports including proof-of-concept, impact assessment, and remediation recommendations.
// 04

PROJECTS

Bug Bounty Automation
Python

Python-based automation toolkit to streamline reconnaissance and asset discovery. Integrates multiple security tools to reduce manual effort and maximize attack surface coverage.

DomSplitter Tool
Python

High-performance domain analysis tool with concurrent scanning, subdomain discovery, DNS/WHOIS analysis, port scanning, SSL & WAF detection, and structured security reporting.

AWS Serverless Security Lab
AWS Lambda · IAM

Designed and deployed a serverless application using AWS Lambda with IAM role-based access control. Analyzed security for event-driven and serverless architectures.

// 05

EDUCATION

Degrees
  • MCA — Cloud Technology · Ajeenkya D Y Patil University · 2024 – Present · Pune, India
  • B.Sc. Computer Science · Rajshri Shahu Maharaj Mahavidyalaya · 2020 – 2023 · Latur, India

Certifications
  • Practical Ethical Hacking · TCM Security Academy
  • Certified Ethical Hacker (CEH) · WsCube Tech
  • LLM Fundamentals · IBM SkillsBuild
  • Learn Burp Suite: Nr.1 Web Hacking Tool · Udemy
  • Nmap for Ethical Hackers · Udemy
  • SQL Injection Attacks · EC-Council
  • Intro to Dark Web, Anonymity & Cryptocurrency · EC-Council

Say Hello
GET IN TOUCH

Open to security roles, bug bounty collaborations, and interesting projects.
