🎯 Aspiring Cybersecurity Engineer | OWASP Contributor | GSoC 2026 Aspirant
🔐 Focused on Web Security, Open Source & Security Automation

I am a cybersecurity enthusiast passionate about:

• Web penetration testing
• Open-source security tools
• Writing clear, practical security documentation
• Automating security testing workflows

I actively contribute to OWASP projects and am preparing for Google Summer of Code (GSoC) 2026 with a strong focus on real-world security tooling.

I am actively preparing for Google Summer of Code 2026, with a primary interest in:

• OWASP Dependency-Check
• OWASP WSTG
• OWASP tooling & documentation automation

My focus areas:

• Improving security tooling reliability
• Documentation → code alignment
• Reducing false positives & improving developer experience

I am currently working on issues, PR reviews, and design discussions related to these areas.

✅ OWASP Dependency-Check 📘 Documentation: External data sources & hostnames — #8219 Documented all external data sources and hostnames contacted by Dependency-Check based on enabled analyzers and configuration Added a clear, auditable table to help organizations with restricted or air-gapped networks create accurate allow-lists Verified hostnames directly from the codebase and clarified indirect vs analyzer-specific network access Improved enterprise adoption and reduced recurring support questions Merged into main and included in release milestone 12.2.1

• ✍️ Improve API docs (ToC, guidance) — #247
• Added general guidance for using the ZAP API with curl, addressing common pitfalls such as parameter encoding and boolean handling
• Improved API usability without modifying generated or endpoint-specific documentation
• Incorporated maintainer feedback to keep the change narrowly scoped and maintainable
• Reduced recurring user errors when interacting with the ZAP API via curl

• 📝 Fixed outdated cache-control security guidance by aligning recommendations with modern browser behavior and current best practices (e.g., Cache-Control: no-store), improving the accuracy of security testing outcomes and reducing tester confusion. #1291

🎮 Playful STRIDE-aligned AA4 card description — #2113

• Authored a humorous, scenario-driven threat description aligned with MASVS and MASTG
• Followed established STRIDE categorization patterns (AA2/AA3 examples)
• Reviewed and merged by project maintainers

• 🔒 Fixed broken external documentation links and improved external link security — #1345
• Added rel="noopener noreferrer" to prevent reverse tabnabbing attacks
• Removed outdated IRC (Freenode) reference and aligned with current OWASP communication channels
• Addressed maintainer feedback and successfully merged into develop

🌍 Complete Hindi Translation of WebApp Card Deck — PR #2247 Authored the full Hindi translation for all suits, cards, and paragraphs Preserved structure, IDs, URLs, and ordering to maintain compatibility Addressed reviewer feedback (card swaps, wording clarifications, consistency updates) Successfully merged into the master branch

🔹 Repository: security-writeups
Includes:

• Vulnerability write-ups (PDFs)
• Header scanning tool
• URL parameter discovery script
• OWASP ZAP automation scripts

🔗 https://github.com/SachinAditya/security-writeups

• Web Penetration Testing (OWASP Top 10)
• XSS, SQLi, IDOR, CSRF, SSRF
• Recon & vulnerability discovery
• OWASP ZAP automation
• Secure coding practices

All security research and testing is performed only on:

• Legal labs
• Test environments
• Systems with explicit permission

No illegal or unauthorized testing.

• GitHub: https://github.com/SachinAditya
• LinkedIn: https://linkedin.com/in/aditya-devraj-sachin

⭐ Always open to collaboration, open-source contributions, and security discussions.