```python
class RohitKumar:
    def __init__(self):
        self.role = "Senior Application Security Engineer"
        self.company = "PwC (Senior Associate)"
        self.location = "Kolkata, India"
        self.experience = "5+ years in offensive security"
        self.specialties = ["Web App Security", "Mobile Pentest (iOS/Android)",
                            "API Security", "Source Code Analysis (SCA)",
                            "SSO / SAML / OAuth 2.0", "CVE Research"]
        self.builds = ["Burp Suite extensions (Montoya API)",
                       "Python/Bash security automation"]
        self.published = ["CVE-2024-35581", "CVE-2024-35582", "CVE-2024-35583"]
        self.mindset = "Automate the manual. Verify everything. Assume breach."
```

🛡️ Senior AppSec Engineer with 5+ years across web, mobile (iOS/Android) and API penetration testing, source-code analysis and CVE research in banking, e-commerce and enterprise environments — currently at PwC, previously Black Duck (Synopsys) and Synopsys Inc., where I discovered 3 CVEs published in MITRE/NVD.
| 🔬 CVEs Published | 🗓️ Experience | 🌐 Web/API Assessed | 📱 Mobile Audited |
|---|---|---|---|
| 3 in MITRE / NVD | 5+ years | 300+ apps | 100+ apps |
Published vulnerabilities (zero-day research & responsible disclosure):

- CVE-2024-35581
- CVE-2024-35582
- CVE-2024-35583
| Company | Role | Period | Notes |
|---|---|---|---|
| PwC | Senior Associate | Mar 2026 — Present | |
| Black Duck (Synopsys) | Senior Security Consultant | Mar 2025 — Mar 2026 | |
| Black Duck (Synopsys) | Security Consultant | Sep 2024 — Mar 2025 | |
| Synopsys Inc. | Security Service Associate | Mar 2022 — Sep 2024 | 3 CVEs disclosed |
| CSCC Labs | Cyber Security Analyst | Jul 2021 — Mar 2022 | |
- 🔐 saml-oauth-auto-tester — Burp (Montoya) extension that auto-runs the full SAML (XSW1–8, XXE, cert-faking) and OAuth 2.0 / OIDC (redirect hijack, PKCE, JWT alg=none) attack battery from Proxy history.
- 🛡️ owasp-sentinel — Burp extension to manage and track flagged/hidden findings and surface OWASP Top-10 issues, streamlining triage during assessments.
- 🍪 burp-session-token-analyzer — session-cookie / token analysis tool that flags weak session-management during web app testing.