- Application Security Engineer specializing in manual penetration testing
- Discovered 15+ critical vulnerabilities affecting 5,000+ users
- Building Python automation tools for security testing
- Currently pursuing BCA in Information Technology at D.Y. Patil University
- Working towards OSCP certification
- Creator of 365 Days of Application Security
- Active on TryHackMe (65% completion) & Hack The Box (6+ boxes)
- Ask me about OWASP Top 10, API Security, JWT vulnerabilities
- Fun fact: Electronics background: perfect for IoT/Hardware security!

| Achievement | Metric |
|---|---|
| Critical Vulnerabilities | 15+ Discovered |
| Users Protected | 5,000+ |
| Remediation Rate | 95% |
| Efficiency Gain | 30% through automation |
| Security Debt Reduced | 40% |
| TryHackMe Progress | 65% |
| HTB Boxes Rooted | 6+ |

Complete year-long roadmap from beginner to professional AppSec Engineer

Highlights:
- Day-by-day structured learning plan
- 100+ free resources curated
- OWASP Top 10 complete coverage
- Certification guides (Security+, eJPT, OSCP)
- Career preparation included

Tech Stack: Educational Content · Security Resources · Free Labs

API Security Automation Toolkit

Python-based comprehensive security testing framework for REST APIs

Highlights:
- JWT Token Analysis & Exploitation
- IDOR Vulnerability Scanner
- API Fuzzing Engine
- Authentication/Authorization Testing
- CI/CD Integration Ready

Tech Stack: Python · Burp Suite API · JWT · REST APIs

Impact: 30% reduction in manual testing time

Production-grade secure authentication system with JWT and role-based access control

Highlights:
- Secure JWT Implementation
- Granular RBAC System
- Comprehensive Security Headers
- Rate Limiting & DDoS Protection
- OWASP Best Practices

Tech Stack: Node.js · Express.js · MongoDB · JWT · bcrypt

Impact: 30% fewer vulnerabilities vs industry baseline

Detailed walkthroughs and methodologies from TryHackMe, Hack The Box, and VulnHub

Highlights:
- Step-by-step enumeration guides
- Exploitation techniques documented
- Privilege escalation methods
- Screenshots and proof
- Lessons learned section

Platforms: TryHackMe · HackTheBox · VulnHub

Codec Technologies India | Nov 2025 - Dec 2025
- Discovered 15+ critical/high severity vulnerabilities (IDOR, broken authorization, privilege escalation, JWT misconfigurations)
- Achieved 95% remediation rate through clear PoC exploits and developer collaboration
- Reduced analysis time by 30% via Python automation for API fuzzing
- Performed comprehensive authorization testing with Burp Suite Pro
- Authored professional reports with CVSS scoring

ai4sees private ltd | Dec 2025 - Present
- Designed secure web architecture with OWASP controls
- Built reusable REST API libraries reducing vulnerabilities by 30%
- Integrated SAST/DAST in CI/CD, reducing security debt by 40%
- Implemented secure coding: input validation, parameterized queries, session management
- Conducted security code reviews focusing on OWASP Top 10

Codec Technologies India | Nov 2025 - Dec 2025
- Developed security automation scripts and API testing tools
- Reduced manual effort by 2+ hours/week through automation utilities
- Built log parsing, data extraction, and workflow automation tools
- Created reusable libraries for API fuzzing and auth analysis

| Certification | Provider | Status |
|---|---|---|
| Application Security Training | Various Providers | Completed |
| Cyber Security Architecture v1 | Various Providers | Completed |
| Commonwealth Bank - Cybersecurity Simulation | Forage | Completed |
| AIG - Shields Up: Cybersecurity | Forage | Completed |
| Deloitte Australia - Cyber Simulation | Forage | Completed |
| CompTIA Security+ | CompTIA | In Progress |
| eJPT | eLearnSecurity | Preparing |
| OSCP | Offensive Security | Goal 2026 |

- TryHackMe: 65% Junior Penetration Tester Path | 50+ rooms completed
- Hack The Box: 6+ machines rooted | Active member
- PortSwigger Academy: Continuous practice on all vulnerability types
- OWASP Juice Shop, DVWA: Regular practice on intentionally vulnerable apps

- Location: Pune, Maharashtra, India
- Email: chetanchandrakantbiranje@gmail.com
- LinkedIn: linkedin.com/in/chetanbiranje

"Security is not a product, but a process."
- Bruce Schneier

"The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn't stake my life on it."
- Gene Spafford

```python
class ChetanBiranje:
    def __init__(self):
        self.role = "Application Security Engineer"
        # What I am working on right now
        self.current_focus = [
            "OSCP Certification Preparation",
            "Bug Bounty Hunting (Google VRP, HackerOne)",
            "Advanced API Security Research",
            "Security Automation with Python",
            "Contributing to Open Source Security Tools",
        ]
        # Areas I am currently studying
        self.learning = [
            "Cloud Security (AWS, Azure, GCP)",
            "Mobile Security (Android, iOS)",
            "Container Security (Docker, Kubernetes)",
            "Active Directory Security",
        ]
        # Targets for 2026
        self.goals_2026 = [
            "OSCP Certification",
            "Land Application Security role at FAANG",
            "Contribute to 10+ open source security projects",
            "Publish security research papers",
            "Reach 1000+ GitHub stars",
        ]

    def say_hi(self):
        print("Thanks for visiting! Let's make the web more secure together!")


me = ChetanBiranje()
me.say_hi()
```