ud0g
Uday Dogra
Active Researcher

I find real-world vulnerabilities in modern web applications — before attackers do.

5+ Vulns Found
50+ Labs Done
3 Certs
// about.me

Security Researcher.
Not a generic dev.

I'm Uday Dogra, a B.Tech Computer Science graduate with a sharp focus on Application Security and offensive web security. I don't just learn security — I apply it: digging into real applications, finding real vulnerabilities, and documenting them with clarity.

My approach is attacker-first. I study how web applications break — through SSRF, IDOR, XSS, injection attacks — and build methodologies to find them systematically. Every engagement ends with a clean, professional report that a security team can actually action.

Currently active on HackTheBox and PortSwigger Web Security Academy, building recon pipelines on cloud infrastructure, and pursuing bug bounty programs on HackerOne.

Think like an attacker: Offensive-first mindset
Document like a pro: Clear, actionable writeups
AppSec-first approach: Secure by design thinking
Continuous learner: Labs, CTFs, writeups

Certifications
Ethical Hacking & Penetration Testing, CDAC (Offensive Security)
Port Exploitation using Metasploit, A2IT (Exploitation)
React Web Development, Internshala (Frontend)

Education
B.Tech Computer Science, Computer Science & Engineering, 2022 – 2026

// technical_arsenal.init()

Technical Arsenal

A comprehensive set of tools and skills for application security, SOC monitoring, and full-stack development.

Application Security

8 skills

Helps me identify and mitigate real-world vulnerabilities like XSS, CSRF, and IDOR by understanding backend logic.

Web Vulnerabilities, XSS, CSRF, IDOR, SQL Injection, Authentication & Session Security, OWASP Top 10, REST APIs

Security Tools

9 skills

Allows me to automate reconnaissance and perform deep vulnerability testing across web and network layers.

Burp Suite, Caido, OWASP ZAP, Nmap, Wireshark, Gobuster, ffuf, SQLmap, Metasploit

SOC & Automation

6 skills

Enables me to monitor network traffic, analyze logs, and build automation scripts to improve incident detection.

Splunk (SIEM), Log Analysis, Alert Handling, Python Scripting, Bash Automation, Incident Detection

Development Stack

8 skills

Provides the foundation to build secure full-stack applications and understand the developer's perspective.

React.js, Next.js, Node.js, Firebase, MongoDB, MySQL, Tailwind CSS, Linux (Kali / Ubuntu)
Also know: Python, JavaScript, C, C++, Flask, PostgreSQL, Git, VS Code

// projects.filter(real)

What I've Built

Security-focused projects with real-world applicability. Each one solves an actual problem in the offensive security workflow.

🛡️

SOC Lab Simulator

Security Ops

Designed and implemented a simulated SOC environment using Splunk, Wireshark, and Proxmox. Simulated attacks such as brute-force and DNS tunneling to practice detection workflows and incident response mapping.

Hands-on SOC monitoring and incident response — bridges theory and practice
Splunk, Wireshark, Proxmox, Log Analysis, Incident Response

🛠️

Hacker’s Helper

Blue Team Tooling

Developed a GUI-based automation tool for Linux security operations using Python and Tkinter. Features include automated log parsing, scanning, and service management to improve operational efficiency.

Operational efficiency — automates repetitive security tasks
Python, Tkinter, Linux Security, Automation, Log Parsing

🎓

AppSec Educational Platform

AppSec

Building an interactive platform to demonstrate web vulnerabilities like XSS, IDOR, and Auth flaws. Includes hands-on labs explaining backend behavior to help learners understand both exploitation and mitigation.

Interactive learning — deep dive into web vulnerability mechanics
React, Node.js, Web Security, OWASP Top 10, Education

// bug_bounty.status

Bug Bounty & Labs

Active on bug bounty platforms and security labs. Building a track record of real vulnerability finds.

HackTheBox
Script Kiddie → Hacker
Hacker
Progress: 42%
8 Machines
15 Challenges

PortSwigger Web Security Academy
Practitioner
Progress: 65%
42 Challenges

🏹
HackerOne
Bug Bounty Programs

Actively hunting on public programs. Current focus: SSRF, IDOR in modern SaaS targets.

SSRF, IDOR, Auth bypass

vulnerability_writeup.md
Medium Severity

Reflected XSS via Parameter Pollution

PortSwigger Lab — DOM-Based XSS, CWE-79

1. Recon: Identified URL parameter reflected in response without encoding

2. Probe: Injected <script>alert(1)</script> — filtered by WAF

3. Bypass: Used event handler payload: "><img src=x onerror=alert(1)>

4. Exploit: Confirmed execution — extracted session cookie via document.cookie

5. Report: PoC documented with impact: session hijacking / account takeover

📝 Impact Assessment

Session hijacking possible → Full account takeover. Affected all users with modern browsers. No user interaction required beyond visiting a crafted URL.

PortSwigger XSS Lab Series — Practice Writeup
✓ Verified
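
Why the filter in step 2 does not stop the input in step 3, and how output encoding at the sink closes both, shown as an added example that is not part of the original writeup. The `<script>`-stripping filter, the `<input>` template and every function name are assumptions, since the page does not show the lab's code.

```javascript
// Added illustration; function names and the page template are hypothetical.

// Stand-in for the filter in step 2: removes <script> elements only.
function stripScriptTags(input) {
  return input.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "");
}

// Output encoding for HTML text and quoted attribute values.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflects the parameter into a quoted attribute after blocklist filtering only.
function renderFiltered(q) {
  return `<input name="q" value="${stripScriptTags(q)}">`;
}

// Reflects the same parameter with encoding applied where it is written out.
function renderEncoded(q) {
  return `<input name="q" value="${escapeHtml(q)}">`;
}

// True if the reflected value closed the attribute and started a new tag.
function breaksOutOfAttribute(html) {
  return /value="[^"]*">\s*</.test(html);
}

// Constructed inputs: the two strings quoted in steps 2 and 3 of the writeup.
const probes = ["<script>alert(1)</script>", '"><img src=x onerror=alert(1)>'];

// For each input, report whether it escapes the attribute under each renderer.
function report() {
  return probes.map((p) => ({
    input: p,
    filtered: breaksOutOfAttribute(renderFiltered(p)),
    encoded: breaksOutOfAttribute(renderEncoded(p)),
  }));
}

console.log(report());
```

Marking the session cookie `HttpOnly` additionally keeps it out of `document.cookie`, which limits the impact described in step 4.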
// attack.workflow()

My Attack Methodology

Systematic, repeatable, documented. This is how I approach every target — not random, always structured.

1. Recon
Passive + active target discovery. Map attack surface before touching a single endpoint.
Subfinder, Amass, Shodan, WHOIS

2. Enumeration
Subdomain probing, port scanning, JS file mining, endpoint discovery.
Nmap, httprobe, httpx, Wayback

3. Fuzzing
Directory, parameter, and header fuzzing. Find what devs forgot to hide.
FFUF, Gobuster, ParamSpider, Arjun

4. Exploitation
Confirm and chain vulnerabilities. SSRF, IDOR, XSS, SQLi — test all identified vectors.
Burp Suite, SQLMap, XSStrike, Custom PoC

5. Reporting
Clear, reproducible reports. Severity scoring, impact analysis, remediation steps.
Markdown, PoC Videos, CVSS Score, Remediation

> "A vulnerability found is a vulnerability fixed. Systematic methodology beats random poking every time."

// live_terminal.sh

Tools in Action

Real commands from a real security workflow. This is what day-to-day reconnaissance looks like.

// contact.init()

Let's Connect

Recruiting for AppSec? Collaborating on security research? Open to serious opportunities.

Contact Info
udaydogra204@gmail.com (Primary contact)
github.com/udayydogra (Projects & code)
India (Open to remote & on-site)
Available (Actively looking for AppSec roles)

Looking For
Application Security Engineer roles
Bug Bounty collaboration
Security research partnerships
Pentest internships / contracts