Name : Ali Al-Mansori
Handle : AliAlMansoriSec
Role : Web & API Penetration Tester
Focus : Offensive Security & Security Research
Speciality : Web Applications • APIs • Android Security
Research : OWASP • API Security • Bug Bounty
Platform : Cyber Thought | الفكر السيبراني
Website : alialmansori.com
Status : Open for Remote Opportunities

I am a cybersecurity researcher focused on:
- Web Application Security
- API Security Testing
- Reconnaissance & Enumeration
- Business Logic Vulnerabilities
- Bug Bounty Hunting
- Android Application Security
I document methodologies, practical labs, attack flows, and security research to help build a stronger Arabic cybersecurity community.
Arabic Cybersecurity Education Platform
Focused on:
• Web Penetration Testing
• API Security
• OWASP Top 10
• Bug Bounty
• Practical Security Methodologies
Building high-quality Arabic cybersecurity content through practical learning and offensive security research.
+ Platform Under Development
+ Security Content Production Started
+ GitHub Documentation Active

• Advanced API Security Testing
• Business Logic Vulnerabilities
• Recon Automation
• Android Pentesting
• Bug Bounty Hunting
• Security Methodology Documentation
Tools assist the process.
Methodology drives the results.
I focus on:
- Understanding attack surfaces
- Thinking like an attacker
- Mapping trust boundaries
- Identifying weak business logic
- Building structured testing workflows
| Project | Description | Status |
|---|---|---|
| 🧭 Web Pentest Methodology | Structured methodology for Recon → Enumeration → Exploitation → Reporting | ✅ Active |
| ⚙️ WPT Workflow Manager | Automation scripts for pentest workflow organization & target preparation | ✅ Active |
| 📖 OWASP Web Top 10 | Deep documentation for each vulnerability with attacker mindset & remediation | 🔄 In Progress |
| 🔌 OWASP API Security Top 10 | API security labs, testing techniques & vulnerability research | 🔄 In Progress |
| 📱 Android Pentesting Notes | Android application testing methodology & practical labs | 🧪 Researching |
| 🏆 CTF Writeups | TryHackMe, HackTheBox & PortSwigger labs writeups | 🔄 In Progress |
| 🐛 Bug Bounty Findings | Real-world vulnerability writeups & case studies | 🔄 In Progress |
Reconnaissance
↓
Attack Surface Mapping
↓
Enumeration
↓
Vulnerability Discovery
↓
Exploitation
↓
Impact Validation
↓
Reporting & Remediation
| Track | Focus Area | Status |
|---|---|---|
| OWASP Web Top 10 | Web Security Fundamentals | ✅ Completed |
| OWASP API Security Top 10 | API Security Testing | 🔄 In Progress |
| eJPT | Pentesting Fundamentals | 🔄 In Progress |
| Android Security | Mobile App Pentesting | 🧪 Researching |
| PNPT | Full Pentest Workflow | 📅 Planned |
| OSWA | Advanced Web Attacks | 📅 Planned |
2023 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ NOW
│
├─ ✅ Web Pentesting Foundation
├─ ✅ Built: Web Pentest Methodology
├─ ✅ Created: WPT Workflow Manager
├─ ✅ Launched: Cyber Thought Platform
├─ ✅ Tools Mastery: Burp, Nmap, SQLMap, FFUF, Nuclei
│
├─ 🔄 OWASP Web Top 10 — Full Documentation
├─ 🔄 OWASP API Security Top 10 — Full Documentation
├─ 🔄 Android Pentesting — Notes & Labs
├─ 🔄 Bug Bounty Research & Findings
├─ 🔄 CTF Writeups (THM / HTB / PortSwigger)
│
├─ 📅 Launch alialmansori.com
├─ 📅 Security Blog & Research Notes
├─ 📅 Advanced API Testing Labs
└─ 📅 Remote Freelance & Full-Time Security Position