MuhammadKhizerJaved

Dedicated and seasoned cybersecurity professional with over 8 years of active engagement in Bug Bounty Hunting, complemented by 4 years of experience as a Penetration Tester. Skilled in web and mobile application security testing and vulnerability assessment, I am actively involved in platforms like HackerOne and Bugcrowd. My contributions in the Bug Bounty arena have been recognized by over 200 reputable organizations, including Apple, Google, Facebook, The Government of Singapore, and The US Department of Defense. As an advocate for community growth, I actively contribute as a speaker, conducting sessions in local universities and presenting talks at various security conferences, both locally and internationally, including twice at BlackHat MEA. With a passion for growth, I am always happy to connect with fellow security practitioners.
June 28, 2024

Finding Hidden Threats: How I Found Leaked AWS Credentials in an Android App API Using DAST

Found a critical vulnerability involving leaked AWS credentials within an Android App API during a bug bounty hunt by utilizing Dynamic Application Security Testing (DAST) and the Mobile Security Framework (MobSF). This blog post provides a step-by-step guide for newcomers to set up their own testing environments and utilize MobSF.