SUTHARSHAN S

$ whoami → Application Security Engineer

Available for Opportunities

About Me

Who I Am / Full Details Resume

Zoho
Zoho Corporation
Project Trainee
Nov 2025 – Dec 2025
Application Security

PSNA College
B.Tech CS & Business Systems
PSNA College of Engineering & Technology
2022 – 2026
CGPA 7.74
TryHackMe
TryHackMe
Global Top 1% Ranking
3M+ Users Surpassed
275+ Labs Completed

NASA
Recognition & Bounties
NASA · Flipkart · University of Oslo
Indian Government — Official Recognition
€400 Bug Bounty Earned
Recognition

Recognition & Awards

NASA
NASA
Letter of Recognition
Flipkart
Flipkart (1/2)
2× Letters of Recognition
University of Oslo
University of Oslo
Recognition Letter
Indian Government
Indian Government
Official Recognition
Connect

Let’s Connect

GitHub LinkedIn TryHackMe Gmail
Skills

Technical Skills

App Security
🌐
Web Security
📱
Android Security
🔌
API Security
📋
Secure Code Review
🔬
SAST / DAST
🕷
Burp Suite
🗺
Nmap
⚠️
OWASP Top 10
📮
Postman
🛡️
Nessus
🔎
Nikto
Tools
🐉
Kali Linux
💣
Metasploit
📡
Wireshark
📱
JADX
🖧
Packet Tracer
📮
Postman
🛡️
Nessus
🔎
Nikto
💉
sqlmap
🐳
Docker
📝
Git / GitHub
Programming
🐍
Python
Java
🟨
JavaScript
🟩
Node.js
C
🗄
SQL
🌐
HTML
🎨
CSS
💻
Bash Scripting
🔗
REST APIs
📄
JSON
Infrastructure
🐧
Linux
☁️
AWS
🌍
Networking
🔌
TCP/IP Protocols
🔒
HTTP / HTTPS
🐳
Docker
📝
Git / GitHub
App Security
🌐
Web Security
📱
Android Security
🔌
API Security
📋
Secure Code Review
🔬
SAST / DAST
🕷
Burp Suite
🗺
Nmap
⚠️
OWASP Top 10
📮
Postman
🛡️
Nessus
🔎
Nikto
Tools
🐉
Kali Linux
💣
Metasploit
📡
Wireshark
📱
JADX
🖧
Packet Tracer
📮
Postman
🛡️
Nessus
🔎
Nikto
💉
sqlmap
🐳
Docker
📝
Git / GitHub
Programming
🐍
Python
Java
🟨
JavaScript
🟩
Node.js
C
🗄
SQL
🌐
HTML
🎨
CSS
💻
Bash Scripting
🔗
REST APIs
📄
JSON
Infrastructure
🐧
Linux
☁️
AWS
🌍
Networking
🔌
TCP/IP Protocols
🔒
HTTP / HTTPS
🐳
Docker
📝
Git / GitHub
Experience

Work History

Project Trainee — Application Security
Zoho Zoho Corporation
Nov 2025 — Dec 2025
  • Detected and mitigated client-side security vulnerabilities using structured lab experimentation and practical security techniques.
  • Performed hands-on penetration tests on internal applications simulating real-world attack scenarios in a controlled environment.
  • Documented findings with PoC and proposed remediation strategies aligned with OWASP Top 10 and secure SDLC best practices.
OWASPBurp SuiteWeb SecurityClient Side TestingVAPT
Cyber Security Intern
Codec Technologies Codec Technologies India
Jul 2025 — Aug 2025
  • Identified and responsibly disclosed security vulnerabilities in client web applications, contributing to improved application security posture.
  • Conducted vulnerability assessments across web and API surfaces, documenting exploitability, impact, and mitigation steps.
  • Collaborated with developers on security hardening and participated in secure SDLC awareness sessions.
Vuln AssessmentAPI SecurityRisk MitigationLinux
Independent Security Researcher
Intigriti Intigriti / Bug Bounty Programs
Nov 2024 — Jan 2025
  • Submitted vulnerabilities to organisations and earned €400 through responsible disclosure during this research period.
  • Conducted deep recon, enumeration, and multi-step exploit chains on public web and API targets.
Bug BountyReconVulnerability ResearchDisclosure
Pentester Intern
Cyber Forensics and Security Solutions Cyber Forensics and Security Solutions
Jun 2024 — Aug 2024
  • Performed penetration tests and security assessments across web applications, focusing on exploitable logic and authorization flaws.
  • Delivered remediation guidance and documented findings during a 60-day internship at Cyber Forensics and Security Solutions.
PentestingWeb SecurityRisk AssessmentDigital Forensics
Cyber Security Intern
Shadowfox Shadowfox
May 2024
  • Supported Shadowfox security operations with hands-on testing, vulnerability triage, and remediation reporting.
  • Helped strengthen application security by documenting findings and coordinating with engineering teams.
CTFNMapJavascriptNetwork Security
Projects

What I've Built

Web Security
VULNERABLE SECURED ✓
CSRF Vulnerability Demo & Mitigation

Developed a vulnerable Flask application demonstrating CSRF exploitation in session-based authentication and implemented mitigation using secure CSRF tokens with before/after security comparison.

Flask Python CSRF WTForms Secure Coding
Threat Detection
SSH HONEYPOT
SSH & Web-Based Honeypot

Built an SSH and web-based honeypot using Python and Paramiko to simulate vulnerable services, capture attacker interaction, log brute-force attempts, and monitor malicious activities in real time.

Python Paramiko SSH Honeypot Threat Monitoring
Network Security
INTRUSION DETECTED
Network Intrusion Detection System

Python-based NIDS with YARA rule-based signature detection, Npcap packet capture, stream follow capability for HTTP/2 and TLS/TCP traffic, and real-time threat logging.

Python YARA Npcap HTTP/2 TLS/TCP
CTF & Labs

Battle Stats

Top
1%

TryHackMe — Global Elite Ranking

Ranked in the top 1% globally out of 3 million+ users on TryHackMe. Mastered web exploitation, network attacks, privilege escalation, forensics, cryptography, and OSINT across 275+ real-world labs.

275+
Labs Completed
3M+
Users Surpassed
Top 1%
Global Rank
TryHackMe
Certifications

My Credentials

Certified AppSec Practitioner V2
Certified AppSec Practitioner V2
The SecOps Group
2025 · CAP V2
Google Cybersecurity Professional
Google Cybersecurity Professional
Coursera / Google
2024 · Professional Certificate
Mastercard Forage Cyber Security Job Simulation
Cyber Security Job Simulation
Mastercard - Forage
Apr 2024 · Hands-on Simulation
Contact

Let's Talk

Open to Opportunities

Looking for full-time AppSec roles, internships, or interesting security collaborations. Whether it's a challenge or just a conversation — reach out!

Gmail
EMAIL
sutharshan3605@gmail.com
 Phone
PHONE
+91 8675752590
 GitHub
GITHUB
github.com/sutharshan-xyz
 LinkedIn
LINKEDIN
linkedin.com/in/suthar-shan