Security researcher
& penetration
tester.

500+
Responsible disclosures
300+
Rewarded findings
100+
Data exposures closed
50+
Companies secured

Over 500 security vulnerabilities found, documented, and responsibly disclosed. More than 300 rewarded. CEH V13 certified. In 2018, I discovered and disclosed an unsecured database exposing 2M+ records from mSpy - covered by TechCrunch and KrebsOnSecurity alongside Brian Krebs. That was not a one-off - since then, 100+ similar exposures found and closed.

Featured in
TechCrunch KrebsOnSecurity GBHackers
Companies I have reported vulnerabilities to
Redbus
Swiggy
Lenskart
Paytm
Grofers
Krafton
CarDekho
CoinSwitch
Bosch
Houzz
FreshMenu
WithJoy
BigBasket
Kiwi
SitiBroadband
Redbus
Swiggy
Lenskart
Paytm
Grofers
Krafton
CarDekho
CoinSwitch
Bosch
Houzz
FreshMenu
WithJoy
BigBasket
Kiwi
SitiBroadband
Services

Security services from
someone who finds real things.

Professional Penetration Testing Report
SOC 2, ISO 27001, GDPR, and HIPAA-ready penetration testing with a detailed, auditor-friendly report. Covers web applications, APIs, and infrastructure - findings mapped to compliance requirements.
View on Fiverr
Continuous WordPress Security Maintenance
Ongoing security monitoring, vulnerability patching, malware scanning, and hardening. A continuous service - not a one-time scan.
View on Fiverr
Pentest Your Website or SaaS
Full penetration test delivered as an executive-ready report - clear findings, business impact, and prioritised remediation your team can act on immediately.
View on Fiverr
Prefer to work directly? Skip Fiverr entirely - email me for custom engagements, responsible disclosure, or larger scopes. security@hackerwalablog.in
My story

Before security was
a career, it was
curiosity.

I was a computer science student more interested in how systems break than what textbooks said. In 2016, before I even graduated, I sent my first security report to SitiBroadband - a vulnerability giving unlimited free broadband access. No bounty, no reward. Just the right thing to do.

In 2018, I discovered an unsecured database belonging to mSpy exposing over 2 million customer records - passwords, iCloud tokens, private messages. I contacted Brian Krebs. The story ran in KrebsOnSecurity and TechCrunch the same day. Database taken offline within hours.

That is the work. Finding things genuinely exposed - Kibana instances, unsealed Consul clusters, open Jenkins pipelines - and getting them fixed before someone with worse intentions does.

Timeline
2016
First responsible disclosure
SitiBroadband vulnerability giving unlimited free broadband. No reward - just the right thing to do.
2017
Graduated computer science
Already two years into security research. Turned it into a full-time focus.
2018
mSpy disclosure + TechCrunch coverage
First bounty from Redbus in January. Then mSpy's 2M+ record database - covered by TechCrunch & KrebsOnSecurity.
Now
500+ disclosures, CEH V13
Available for freelance engagements, responsible disclosure, and full-time roles.
Certifications

Verified credentials.

EC-Council
Certified Ethical Hacker - CEH V13
Penetration Testing · Ethical Hacking · AI Security Modules
The SecOps Group
Certified Network Security Practitioner - CNSP
Network Security · Vulnerability Assessment
ISC2
Certified in Cybersecurity - CC
Security Principles · Risk Management · Incident Response
Skills

Tools & techniques.

Penetration Testing
Web ApplicationAPI Security VAPTAuth Testing Access ControlThreat Modeling CVSS Scoring
Recon & OSINT
ShodanCensys NucleiInternet Scanning Secrets DetectionExposure Analysis
Tools
Burp Suite ProOWASP ZAP MetasploitSQLMap NessusQualys NmapKali Linux
Frameworks
OWASP Top 10PTES MITRE ATT&CKSTRIDE CVE ReportingResponsible Disclosure
Working with companies
worldwide - responsibly.
Every finding documented properly. Every disclosure handled honestly. Real vulnerabilities your team can act on - not noise.
Get in touch →
Contact

Let's talk.
I'm available now.

For freelance engagements, responsible disclosure, or full-time roles - reach me directly. No forms, no middlemen.

Direct Email - Security Enquiries & Disclosure
security@hackerwalablog.in
LinkedIn
linkedin.com/in/IamNitishShah
HackerOne
hackerone.com/nitishshah
Bugcrowd
bugcrowd.com/h/nitishshah800