Ethical Hacker • Cyber Security Analyst • Penetration Tester

Iftikar — securing products with focused testing and responsible disclosure

Offensive security specialist focused on web and API pentesting, automation-first recon, and high‑signal reporting. Clear PoCs, sharp remediation guidance, and fast, collaborative delivery.

IST • Global remote • Response SLA 24–48h • Responsible disclosure
IFTIKAR ALOM LASKAR — Cybersecurity Professional
Services

Offensive security you can ship on

Focused testing, reproducible PoCs, and engineering-ready guidance.

🛡️ Web & API Pentesting

OWASP Top 10, auth/session, access control, and business logic validation across web and APIs.

🔐 Auth & Session

MFA, OAuth 2.0/OIDC flows, CSRF, token lifecycle (issuance, rotation, revocation), cookie attributes and security headers, session fixation.

🔎 Access Control

IDOR/BOLA, horizontal/vertical escalation, tenancy isolation, object scoping.

⚙️ Complex Bug Classes

SSRF, RCE, deserialization, template injection, path traversal, upload abuse.

🕵️ Bug Bounty Research

High-signal recon and exploit chains prioritizing impact over volume in public/private programs.

📡 Recon

Automation-guided enumeration, diffing, asset clustering, attack-surface mapping.

🧩 Chaining

Privilege-escalation paths, cross-application flows, cloud metadata-service pivots, and chaining of edge cases into end-to-end impact.

📝 Reporting

Dev-friendly PoCs, CVSS scoring, mitigation guidance, and triage-ready evidence.

🏗️ Secure SDLC Advisory

Threat modeling, secure code reviews, and CI/CD guardrails embedded in delivery pipelines.

🔍 Code & Config

PR reviews, IaC checks, secrets hygiene, dependency risk reduction.

🧭 Threat Modeling

OWASP guidance, STRIDE, misuse/abuse cases, data-flow diagrams and trust boundaries.

🚀 Delivery

Playbooks, runbooks, developer enablement, and measurable hardening.

Typical engagement: scope in 24h • testing 3–7 days • retest included
Approach

Built for engineering teams

Focused findings, actionable guidance, measurable outcomes.

📈
Signal over noise

Concise, reproducible reports with affected assets, root cause, CVSS, and remediation steps prioritized by impact.

🏦
Business impact first

Targeting vulnerabilities that affect data, revenue, or availability—not just scanner output or low-value alerts.

Tooling

Burp Suite, ffuf, Nuclei, Interactsh, kxss, jq, Python, and custom scripts for deeper, targeted testing.

Methods

OWASP, STRIDE, threat modeling, differential analysis, and test oracles for complex logic.
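The access-control item above (IDOR/BOLA, tenancy isolation, object scoping) and the "differential analysis and test oracles" method, shown together in working form. This is an added example, not the author's tooling or any client's code: the in-memory invoice table, the tenants `acme` and `globex`, and both handlers are constructed for illustration. It shows a BOLA-prone lookup beside a tenant-scoped one, plus a differential oracle that requests every object as an outsider and flags any response identical to the owner's.

```python
"""Differential test oracle for IDOR/BOLA (added example, constructed data).

Idea: issue the same object request as two principals from different tenants
and diff the responses. Any object readable across the tenant boundary is a
finding. A second oracle checks whether the handler leaks object existence
through its status code.
"""
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample data: two tenants, three invoices (not real records).
INVOICES = {
    101: {"tenant": "acme", "total": 1200, "memo": "Q1 retainer"},
    102: {"tenant": "acme", "total": 450, "memo": "pen test retest"},
    201: {"tenant": "globex", "total": 9900, "memo": "cloud review"},
}


@dataclass(frozen=True)
class Principal:
    user: str
    tenant: str


@dataclass(frozen=True)
class Response:
    status: int
    body: Optional[dict]


Handler = Callable[[int, Principal], Response]


def get_invoice_vulnerable(invoice_id: int, caller: Principal) -> Response:
    """Classic BOLA: the lookup is keyed on the client-supplied id only.
    The caller is authenticated but never authorized against the object."""
    row = INVOICES.get(invoice_id)
    if row is None:
        return Response(404, None)
    return Response(200, row)


def get_invoice_scoped(invoice_id: int, caller: Principal) -> Response:
    """Object scoping: the caller's tenant is part of the lookup, so a foreign
    id simply does not resolve. Returning 404 (not 403) for both 'absent' and
    'not yours' keeps the status code from becoming an enumeration oracle."""
    row = INVOICES.get(invoice_id)
    if row is None or row["tenant"] != caller.tenant:
        return Response(404, None)
    return Response(200, row)


def bola_findings(handler: Handler, principals: list[Principal]) -> list[dict]:
    """Differential oracle: for every object, take the owner's response as the
    baseline, then replay the request as each principal from another tenant.
    An identical response means the object leaked across the boundary."""
    findings = []
    for invoice_id, row in INVOICES.items():
        owner = next(p for p in principals if p.tenant == row["tenant"])
        baseline = handler(invoice_id, owner)
        for outsider in principals:
            if outsider.tenant == row["tenant"]:
                continue
            observed = handler(invoice_id, outsider)
            if observed == baseline:
                findings.append({
                    "object": invoice_id,
                    "owner": owner.tenant,
                    "leaked_to": outsider.user,
                    "status": observed.status,
                })
    return findings


def enumeration_oracle(handler: Handler, caller: Principal) -> bool:
    """True if the caller can tell 'object does not exist' apart from
    'object belongs to another tenant' by status code alone."""
    foreign = next(i for i, r in INVOICES.items() if r["tenant"] != caller.tenant)
    absent = max(INVOICES) + 1  # an id that is not in the table
    return handler(foreign, caller).status != handler(absent, caller).status


PRINCIPALS = [Principal("alice", "acme"), Principal("bob", "globex")]

if __name__ == "__main__":
    for name, handler in (("vulnerable", get_invoice_vulnerable),
                          ("scoped", get_invoice_scoped)):
        print(name, "findings:", bola_findings(handler, PRINCIPALS))
        print(name, "enumeration oracle:", enumeration_oracle(handler, PRINCIPALS[0]))
```

Against a real target the two handlers become two authenticated sessions and the comparison is run over harvested object ids; the oracle stays the same. Note that the scoped handler is checked twice: once for cross-tenant reads and once for the subtler leak where a 403 on foreign ids would confirm that an id exists.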

Turnaround

Scope in 24h, test in 3–7 days, final report with PoCs, and retesting for closure.


Start a security engagement

Share scope, timelines, and communication preferences. Response in 24–48 hours.

Or email: security@iftikaralom.site

Quick facts

Programs: HackerOne, Bugcrowd, private programs
Focus: Web, API, Cloud
Time zone: IST (UTC+5:30)
Availability

Currently taking 1–2 engagements this month. Retainers welcomed.
