SanjayanV/README.md
███████╗ █████╗ ███╗   ██╗     ██╗ █████╗ ██╗   ██╗ █████╗ ███╗   ██╗
██╔════╝██╔══██╗████╗  ██║     ██║██╔══██╗╚██╗ ██╔╝██╔══██╗████╗  ██║
███████╗███████║██╔██╗ ██║     ██║███████║ ╚████╔╝ ███████║██╔██╗ ██║
╚════██║██╔══██║██║╚██╗██║██   ██║██╔══██║  ╚██╔╝  ██╔══██║██║╚██╗██║
███████║██║  ██║██║ ╚████║╚█████╔╝██║  ██║   ██║   ██║  ██║██║ ╚████║
╚══════╝╚═╝  ╚═╝╚═╝  ╚═══╝ ╚════╝ ╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═╝╚═╝  ╚═══╝

Application Security Researcher · Bug Bounty Hunter · CVE Author

whoami

$ cat /etc/passwd | grep SanjayanV

SanjayanV:x:1337:1337:AppSec Researcher,Bug Bounty Hunter,CVE Author:/home/SanjayanV:/bin/zsh

I break things before the bad guys do.
Application security researcher focused on supply chain attacks, web exploitation, and CI/CD security. I hunt bugs, write CVEs, and build tools that make attack surfaces visible.


⚙️ Projects

Production-grade authentication library in Go

A fully open-source auth framework implementing JWT, session-based auth, OAuth 2.0/OIDC, and API key management — designed as both a portfolio piece and a teaching resource for secure implementation patterns.

├── JWT (HS256/RS256, revocation strategies)
├── Session management (stateful, lifecycle hardening)
├── OAuth 2.0 / OIDC integration
├── API key management
└── CI/CD pipeline (SAST · Secrets · SBOM · Trivy · Dependency-Check)

🛡️ ChainSentry (In Development)

Supply chain security monitoring tool

Built on the methodology that discovered CVE-2026-0933 — ChainSentry detects malicious patterns in lockfiles, dependency manifests, and CI/CD pipeline configs before they reach your build.

Target attack surfaces:
  package-lock.json · pnpm-lock.yaml · yarn.lock
  .github/workflows · Dockerfile · requirements.txt

🧰 Arsenal

╔══════════════════════════════════════════════════════════════╗
║                      RECON & DISCOVERY                       ║
║  subfinder · httpx · gau · amass · shodan                    ║
╠══════════════════════════════════════════════════════════════╣
║                     EXPLOITATION                             ║
║  Burp Suite Pro · Nuclei · ysoserial · sqlmap · ffuf         ║
╠══════════════════════════════════════════════════════════════╣
║                     APPSEC / SAST                            ║
║  Semgrep · CodeQL · Trivy · Gitleaks · OWASP ZAP             ║
╠══════════════════════════════════════════════════════════════╣
║                  CLOUD / INFRA SECURITY                      ║
║  kubeaudit · kube-bench · truffleHog · Syft                  ║
╚══════════════════════════════════════════════════════════════╝

🎯 Current Focus

focus = {
    "exploitation":   ["SSRF", "XXE", "JWT attacks", "SSTI", "Deserialization"],
    "infra":          ["CI/CD attack surfaces", "GitHub Actions poisoning"],
    "research":       ["Lockfile injection", "Supply chain CVE hunting"],
    "bounty":         ["NordPass", "Rapyd"],
    "goal":           "AppSec Engineer role"
}

📊 Attack Surface Coverage

| Domain | Techniques | Status |
|---|---|---|
| Web AppSec | SSRF, XXE, IDOR, SSTI, Deserialization, JWT | 🟢 Active |
| Supply Chain | Lockfile injection, dependency confusion, CI poisoning | 🟢 CVE Filed |
| Session Security | Fixation, hijacking, JWT revocation bypass | 🟢 Active |
| Infrastructure | K8s misconfig, container escape, secret leakage | 🟡 In Progress |
| DAST / Runtime | OWASP ZAP, dynamic pipeline scanning | 🟡 In Progress |

📬 Connect

LinkedIn Bugcrowd Email


"Security is not a product, but a process." — Bruce Schneier

Popular repositories

1. Full-stack-app-Farmer-consumer-marketplace (JavaScript)
2. Varient-hunter: Tool that changes the entire approach of code analysis
3. Dependency-Watchdog-: Detecting supply chain vulnerabilities before they get exploited
4. supabase (forked from supabase/supabase, TypeScript): The Postgres development platform. Supabase gives you a dedicated Postgres database to build your web, mobile, and AI applications.
5. auth (forked from supabase/auth, Go): A JWT-based API for managing users and issuing JWT tokens
6. ThreatModel: Agentic threat modelling tool