Available for engagements
Penetration Testing & Security Research

Tabriz
Hasanli

Penetration Tester · Security Researcher

I test web applications, APIs, and internal networks — finding, exploiting, and responsibly reporting the vulnerabilities that matter.

01 What I test
A/

Web & API Testing

Injection, authentication and access-control flaws, business-logic bugs, and request smuggling across web apps and APIs.

B/

Network & Internal

Internal-network penetration testing: service exploitation, privilege escalation, and lateral movement.

02 Bug bounty & disclosure programs
HackerOne, Daimler Truck VDP
Cross-Site Scripting (XSS)
InfoDuplicate
HackerOne, Clarivate VDP
HTML Injection
LowDuplicate
HackerOne, Grab BBP
Improper Access Control — Generic
InfoDuplicate
HackerOne, HackerOne BBP
Race Condition (TOCTOU)
Low
HackerOne, Mars VDP
Violation of Secure Design Principles
Medium
Bugcrowd, Indeed BBP
Cross-Site Scripting (XSS) — Stored
InfoDuplicate
HackerOne, Glassdoor BBP
Weak Password Recovery Mechanism
Low+20 pts
03 Projects
Get in touch

Let's talk security.

Open to penetration-testing engagements, security research, and responsible-disclosure collaboration.