mdomorffaruk/README.md

Mohammad Omor Faruk

Application Security Engineer • Security-Focused Software Developer

Bogura, Bangladesh

Security engineer with a background in full-stack development and offensive security research. Focused on web application security, attack surface discovery, and reconnaissance automation.

Development experience provides a strong understanding of authentication flows, API security, and backend logic vulnerabilities.


Security Focus

  • Web Application Security (OWASP Top 10)
  • Attack Surface Discovery
  • Reconnaissance Automation
  • Bug Bounty Methodology
  • Vulnerability Research
  • Application Logic Analysis

Featured Security Projects

VulnXposer

Web-based vulnerability scanning platform designed to help developers and security researchers identify security weaknesses in web applications.

Key Features

  • Automated vulnerability scanning using OWASP ZAP
  • Subdomain enumeration and DNS analysis
  • HTTP security header inspection
  • SSL / TLS configuration checks
  • Port scanning and network diagnostics
  • Structured vulnerability reporting (HTML / PDF)

Tech Stack

React.js • Node.js • Express • Bash • MySQL

Security Tools: OWASP ZAP • Nmap

Repository https://github.com/mdomorffaruk/vulnxposer-web-vulnerability-scanner


Recon & Bug Bounty Automation Toolkit

Automation pipeline designed to accelerate the attack surface discovery phase during web application security testing.

Capabilities

  • Subdomain enumeration and asset discovery
  • Archive URL ingestion (Wayback / GAU)
  • HTTP probing and endpoint discovery
  • Parameter clustering for vulnerability testing
  • Automated vulnerability scanning with Nuclei
  • HackerOne scope monitoring and research workflows

Integrated Tools

Subfinder • Amass • Httpx • Katana • Naabu • Feroxbuster • Wafw00f • Nuclei

Repositories

Recon Automation https://github.com/mdomorffaruk/recon-automation

HackerOne Automation https://github.com/mdomorffaruk/hackerone-automation


Bug Bounty Methodology & Security Notes

Collection of reconnaissance workflows, vulnerability testing techniques, and security research notes developed during offensive security practice.

Topics include:

  • IDOR testing methodology
  • 403 bypass techniques
  • Shadow/zombie API discovery
  • Archive-based endpoint discovery
  • Bug bounty recon workflows

Repository https://github.com/mdomorffaruk/bug-bounty-methodology


Tools & Technologies

Security Testing

Burp Suite • Nmap • Nuclei • Subfinder • Amass • Httpx • Katana • Feroxbuster

Systems & Analysis

Linux • Bash • Wireshark • Ghidra

Development

Node.js • Python • PHP • Docker • Git


Research & Learning

I regularly document security learning and research through technical walkthroughs and lab notes.

Topics include:

  • Web application vulnerability testing
  • Kernel-level exploitation techniques
  • APT methodologies
  • Security lab walkthroughs

Medium https://medium.com/@mdomorffaruk


Links

Portfolio https://mdomorffaruk.github.io

LinkedIn https://linkedin.com/in/mdomorffaruk

TryHackMe https://tryhackme.com/p/mdomorffaruk

YouTube https://www.youtube.com/@mdomorffaruk


Pinned

  1. vulnxposer-web-vulnerability-scanner (Public)

  2. bug-bounty-methodology (Public, Shell)

  3. recon-automation (Public, Shell)

  4. hackerone-automation (Public, Python)