~/about ~/exp ~/skills ~/contact hire me
bash — sansat@dev: ~

sansat@dev:~$ whoami

SATISH YADAV

>
Mumbai, India Open to opportunities CS @ Thakur College
$ view --work @ contact me
0+ CVE-style
Findings
0+ HTTP Requests
Intercepted
0+ API Endpoints
Audited
0 Live Lab
Environments
scroll --down
01.

about_me

sansat@dev:~/about$ cat profile.txt

I'm a final-year Computer Science student at Thakur College of Science & Commerce, Mumbai — graduating in 2026. I'm currently working as a React Native Developer at Beeonline while finishing my degree.

I got into cybersecurity out of curiosity — started with DVWA and Metasploitable on my own, picked up Burp Suite, started actually understanding how web apps break. It's become something I genuinely enjoy, not just something I do for a resume.

I'm still learning a lot. I know what I know, and I know there's way more I don't yet — and I'm okay with that. If you're someone who values growth over polish, we'll probably get along.

in linkedin.com/in/sansatdev @ sansat.dev@gmail.com # +91 72329 84880
sansat.json 
{
  "name":      "Satish Yadav",
  "role":      "Final Year CS Student",
  "also":      "React Native Dev @ Beeonline",
  "location": "Mumbai, India",
  "studying": "Thakur College, 2026",
  "into": [
    "Web App Security",
    "React Native",
    "Breaking things to",
    "understand them"
  ],
  "status": "open to work",
  "learning": true
}
02.

work_history

React Native Developer @ Beeonline

Current Position
  • Building mobile apps with React Native and TypeScript — mostly feature work, fixing bugs, and figuring out why things break.
  • Working with Redux Toolkit and React Query for state and data fetching. Still wrapping my head around some edge cases but getting there.
  • Handling auth flows — JWT tokens, AsyncStorage, multi-tenant session logic. Got deep into this while fixing a bug where college codes weren't being stored correctly.
  • Integrated Cashfree payment gateway into a mobile payment flow — including status polling and handling when the gateway isn't configured yet.
  • Collaborating with the team on API design — my security background helps me catch things like exposed endpoints or missing auth checks early.
React Native TypeScript Redux Toolkit React Query REST API JWT

Application Security & Testing @ CampusMint

Jul 2025 — Oct 2025
Found and helped fix 5+ real vulnerabilities in a live EdTech platform before it shipped — that was a good feeling.
  • Did a security review of CampusMint — an EdTech platform with student data, attendance, and payment features. Tested as a part of the team, not a third-party auditor.
  • Went through the auth system — checked how JWT tokens were handled, tested role-based access for students/professors/admins, looked for ways to escalate privileges.
  • Manually tested 40+ API endpoints — checked for IDOR, missing auth checks, sensitive data in responses, and whether rate limiting was actually working.
  • Helped apply fixes for the issues I found — input validation, parameterized queries, CSRF tokens, proper file upload checks.
  • First time I actually saw security research translate into real production fixes — was a good learning experience.
Burp Suite Pro REST API Security JWT Analysis RBAC Testing OWASP Top 10 IDOR

Security Researcher @ Independent Practice

Aug 2024 — Jan 2026
  • Spent a lot of time on vulnerable-by-design labs — Metasploitable2, DVWA, WebGoat, and some custom setups. Learned way more from breaking these than from any tutorial.
  • Found and exploited 20+ vulnerabilities across these environments — SQLi in multiple forms, various XSS types, command injection, SSRF, and some file upload stuff that led to RCE.
  • Used Burp Suite Professional a lot — intercepting and modifying requests, fuzzing parameters, figuring out how the app actually works vs how it's supposed to.
  • Practiced chaining vulnerabilities together — not just finding one thing but seeing how multiple small issues can combine into something bigger.
  • Did recon with Nmap, Amass, and Gobuster — learned how much info is just sitting there if you actually look for it.
Burp Suite Pro Metasploit Nmap SQLMap Amass Gobuster DVWA Kali Linux
edu

Bachelor of Computer Science

Thakur College of Science & Commerce, Mumbai

2026
03.

arsenal

Offensive Security

Penetration Testing
92%
SQL Injection
90%
XSS / CSRF / SSRF
88%
Auth & Session Attacks
85%
Vuln Chaining & RCE
80%
🛠

Tools & Arsenal

Burp Suite Pro Metasploit Nmap SQLMap Nikto OWASP ZAP Amass Gobuster Wireshark Kali Linux DVWA Metasploitable2 WebGoat VirtualBox
📱

Development

React Native
88%
TypeScript / JavaScript
85%
Python (Security Automation)
80%
Bash Scripting
78%
REST API & SQL
85%
🌐

Platforms & Networking

Linux Administration Server Hardening TCP/IP HTTP/HTTPS DNS Wi-Fi Security Docker Container Security Git / GitHub OWASP Top 10 RBAC / IDOR JWT Security
04.

contact

initiate_contact.sh

$ echo "Let's build something secure"

> Let's build something secure

$ cat contact.txt

email sansat.dev@gmail.com linkedin linkedin.com/in/sansatdev github github.com/sansatdev phone +91 72329 84880

$ _

Looking for security roles or dev opportunities.

I'm a final-year student actively looking for roles in security or mobile dev. I don't have everything figured out yet, but I'm genuinely interested, I work hard, and I pick things up fast. If that sounds useful, reach out.

@ send message