This repository contains my security research, vulnerability write-ups, and proof-of-concepts (PoCs) created as part of my learning in cybersecurity and preparation for Google Summer of Code (GSoC) 2026.
- scan_headers.py: Checks HTTP security headers and warns if critical headers are missing.
- url_params_finder.py: Extracts URL query parameters for IDOR, XSS, and logic-flaw testing.
- zap_header_alerts.py: Automates detection of missing security headers using OWASP ZAP API alerts.
- PDF vulnerability write-ups
- Security testing scripts & small tools
- Notes from labs and practice (OWASP, PortSwigger, TryHackMe)
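The two checks described above (flagging missing or weak security headers, and pulling query parameter names out of a list of URLs) as a single added example. This is illustrative code written for this README, not the repository's own scan_headers.py or url_params_finder.py; the set of "critical" headers, the weak-value rules, and the sample headers and URLs are this example's own assumptions, constructed inline so it runs offline.

```python
"""Added example: security-header checks and URL parameter extraction.

Not the repository's own scripts. The CRITICAL_HEADERS list and the
weak-value rules are this example's assumptions; sample data is constructed.
"""
from urllib.parse import urlsplit, parse_qs

# Headers this example treats as critical, with the risk each one mitigates.
CRITICAL_HEADERS = {
    "strict-transport-security": "forces HTTPS; absence allows SSL-stripping",
    "content-security-policy": "restricts script/resource origins; main XSS mitigation",
    "x-content-type-options": "should be 'nosniff' to stop MIME sniffing",
    "x-frame-options": "blocks framing (clickjacking) when CSP frame-ancestors is absent",
    "referrer-policy": "limits leakage of URLs (and any tokens in them) to third parties",
}

ONE_YEAR = 31536000  # commonly recommended HSTS max-age minimum (seconds)


def check_security_headers(headers):
    """Return {header: reason} for every critical header missing from the response.

    Header names are compared case-insensitively, as HTTP requires.
    """
    present = {name.lower() for name in headers}
    return {name: why for name, why in CRITICAL_HEADERS.items() if name not in present}


def weak_header_values(headers):
    """Return a list of findings for critical headers that are present but weak."""
    lowered = {k.lower(): v for k, v in headers.items()}
    findings = []

    xcto = lowered.get("x-content-type-options")
    if xcto is not None and xcto.strip().lower() != "nosniff":
        findings.append("x-content-type-options is not 'nosniff'")

    hsts = lowered.get("strict-transport-security")
    if hsts is not None:
        # Directives are ';'-separated, e.g. "max-age=31536000; includeSubDomains".
        max_age = 0
        for directive in hsts.split(";"):
            key, _, value = directive.strip().partition("=")
            if key.lower() == "max-age" and value.strip().isdigit():
                max_age = int(value)
        if max_age < ONE_YEAR:
            findings.append(f"strict-transport-security max-age={max_age} is below one year")

    csp = lowered.get("content-security-policy", "")
    if "'unsafe-inline'" in csp:
        findings.append("content-security-policy allows 'unsafe-inline'")

    return findings


def extract_params(urls):
    """Map each URL (scheme://host/path) to the sorted names of its query parameters.

    Blank values are kept so every parameter is listed; the fragment is dropped
    because it never reaches the server; URLs without a query are skipped.
    """
    found = {}
    for url in urls:
        parts = urlsplit(url)
        params = parse_qs(parts.query, keep_blank_values=True)
        if not params:
            continue
        base = f"{parts.scheme}://{parts.netloc}{parts.path}"
        found.setdefault(base, set()).update(params)
    return {base: sorted(names) for base, names in found.items()}


# Constructed sample data (not captured from any real target).
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=3600",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
}
SAMPLE_URLS = [
    "https://lab.example/profile?id=42&tab=orders#top",
    "https://lab.example/profile?id=7",
    "https://lab.example/search?q=&page=2",
    "https://lab.example/static/app.js",
]

if __name__ == "__main__":
    for name, why in check_security_headers(SAMPLE_HEADERS).items():
        print(f"MISSING {name}: {why}")
    for finding in weak_header_values(SAMPLE_HEADERS):
        print(f"WEAK    {finding}")
    for base, names in extract_params(SAMPLE_URLS).items():
        print(f"{base} -> {', '.join(names)}")
```

The two functions are kept separate on purpose: an absent header and a present-but-weak header are different findings, and a scanner that only tests presence will rate `Strict-Transport-Security: max-age=0` as a pass.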
- OWASP Dependency-Check
  - Merged PR: Documents external data sources & hostnames (dependency-check/DependencyCheck#8219)
- OWASP ZAP
  - Documentation improvements in zap-api-docs: working on API usage guidance and automation examples
- Web Penetration Testing
- OWASP Top 10 (XSS, SQLi, CSRF, IDOR, SSRF)
- Recon & vulnerability discovery
- Automation with OWASP ZAP
- Secure coding practices
All research here is performed on intentionally vulnerable labs, test environments, or systems where I have explicit permission. No illegal or unauthorized testing.
Aspiring cybersecurity contributor focused on open-source security tooling and web application security research.
GitHub: https://github.com/SachinAditya