Skip to content
View theAstiv's full-sized avatar

Block or report theAstiv

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
theAstiv/README.md
╔══════════════════════════════════════════════════════╗
║  astitva@github:~$ whoami                            ║
║  > Lead AppSec Engineer. Security tooling builder.   ║
║  > 6 years breaking things. Now building what's      ║
║    missing.                                          ║
╚══════════════════════════════════════════════════════╝

What I work on

By day — product security at OutSystems: threat modeling, vulnerability management, HackerOne, and an internal agentic pipeline that automates the parts of AppSec that shouldn't need humans.

By night — open-source security tooling at the intersection of AppSec and AI agents.


Open Source

LLM-powered iterative threat modeling CLI

STRIDE · MAESTRO · DREAD scoring · Multi-provider (Anthropic / OpenAI / Ollama) · Async Python

Built because threat modeling is critical and consistently under-resourced. Paranoid makes it fast enough to actually happen. Targeting DEF CON Arsenal · null India · Nullcon


MCP server for token-efficient AI coding agent context

Go · SQLite FTS5 · Tree-sitter · 11 languages · v1.0.0

Gives AI coding agents structured, token-efficient codebase context — with blast radius detection, dead code analysis, and hybrid search. Zero-dependency binary.


Stack

Languages   →  Go · Python · (some JS when necessary)
AppSec      →  Burp Suite Pro · Checkmarx · Semgrep · Wiz ·
AI / Agents →  Anthropic API · LangGraph · MCP Protocol · Ollama
DevSecOps   →  GitHub Actions · Docker · K8s · AWS · Azure
Frameworks  →  STRIDE · MAESTRO · OWASP ASVS · NIST AI RMF · GDPR · DPDPA

Elsewhere

LinkedIn Email

📍 India  ·  Open to remote roles


"Security that doesn't ship doesn't secure anything."

Popular repositories Loading

  1. paranoid paranoid Public

    Python 6 1

  2. token-saver-stack token-saver-stack Public

    Shell 1

  3. awesome-go awesome-go Public

    Forked from avelino/awesome-go

    A curated list of awesome Go frameworks, libraries and software

    Go

  4. SvelteFeedbackApp SvelteFeedbackApp Public

    Svelte

  5. theAstiv theAstiv Public

    Config files for my GitHub profile.

  6. godocx godocx Public

    Forked from gomutex/godocx

    Go library for reading and writing Microsoft Docx

    Go