Available for work - immediate start

I find infrastructure exposures before attackers do.

Over 500 security vulnerabilities found, documented, and responsibly disclosed to some of the world's most recognised companies. More than 300 rewarded. CEH V13 certified. In 2018, I discovered and disclosed an unsecured database exposing 2M+ records from mSpy - covered by TechCrunch and KrebsOnSecurity alongside Brian Krebs. That was not a one-off - since then, 100+ similar exposures found and closed. I do not just find problems - I give the teams who need to fix them everything they need to do so.

Nitish Kumar Shah
Security Researcher · Penetration Tester · CEH V13
500+ Disclosures
300+ Rewarded
2018 First Bounty
50+ Companies
Companies I have reported vulnerabilities to
Redbus
Swiggy
Lenskart
Paytm
Grofers
Krafton
CarDekho
CoinSwitch
Bosch
Houzz
FreshMenu
WithJoy
BigBasket
Kiwi
SitiBroadband
My story
Before security was a career, it was just curiosity.

I was a computer science student more interested in how systems break than in what textbooks said about them. In 2016, before I even graduated, I sent my first security report to SitiBroadband - a vulnerability that gave unlimited free broadband access. No bounty, no reward. Just the right thing to do.

I graduated in 2017. By that point I had already been doing security research for two years alongside my studies - not because anyone asked me to, but because I could not stop noticing the gaps.

Then on 16 January 2018, I reported a cookie injection vulnerability to Redbus. They paid me a bounty - my first. A real flaw in a product used by millions of people, handled honestly. That moment set the direction for everything that followed.

Since then - over 500 disclosures, more than 300 rewarded, across companies of every size. The work is always the same: find something real, document it properly, report it honestly.

Services
Penetration testing you can act on.
Prefer to work directly? Skip Fiverr entirely and reach me by email for custom engagements, responsible disclosure, or larger scopes. security@hackerwalablog.in
Certifications
EC-Council
Certified Ethical Hacker - CEH V13
Penetration Testing · Ethical Hacking · AI Security Modules
Active · 2026
The SecOps Group
Certified Network Security Practitioner - CNSP
Network Security · Vulnerability Assessment
Active
ISC2
Certified in Cybersecurity - CC
Security Principles · Risk Management · Incident Response
Active
Skills
Penetration Testing
Web Application · API Security · VAPT · Auth Testing · Access Control · Threat Modeling · CVSS Scoring
Recon & OSINT
Shodan · Censys · Nuclei · Internet Scanning · Secrets Detection · Exposure Analysis
Tools
Burp Suite Pro · OWASP ZAP · Metasploit · SQLMap · Nessus · Qualys · Nmap · Kali Linux
Frameworks
OWASP Top 10 · PTES · MITRE ATT&CK · STRIDE · CVE Reporting · Responsible Disclosure
Let's talk. I'm available now.

For freelance engagements, responsible disclosure, or full-time roles - reach me directly. No forms, no middlemen.