MD ASIF HOSSAIN

SECURITY RESEARCHER — VAPT & BUG BOUNTY

asifbd9107@gmail.com

+8801******1232

Uttara, 1230 Bangladesh

Accomplished Security Researcher with extensive experience at Yogosha and HackerOne, specialising in Threat & Vulnerability Management, Penetration Testing, and Cybersecurity. Demonstrated expertise in Digital Forensics, Ethical Hacking, and Security Incident Response. Proven track record as a Cyber Security Engineer at Jobmofy in Germany, excelling in Vulnerability Assessment and Penetration Testing (VAPT).

Profiles

LinkedIn HackerOne Bugcrowd Yogosha Medium

Skills

SSRF

IDOR

SQL Injection

XSS

Privilege Escalation

Digital Forensics

Vulnerability Assessment

Penetration Testing

Incident Response

CTF Problem-Solving

Intelligence Sourcing

OSINT

Security Expertise

Strong knowledge and hands-on experience with SSRF, IDOR, SQL Injection, XSS, and Privilege Escalation

Proficient in identifying and exploiting vulnerabilities in web applications and systems

Skilled in penetration testing, vulnerability assessment, and reconnaissance using Metasploit, Burp Suite, and Nessus

Experience in security testing of Web Applications, Mobile Applications, Boot2Root machines, and OSINT-based targets

Utilized tools like Subfinder, Amass, and various OSINT techniques to uncover sensitive information

Experience

Security Researcher

Yogosha

May 2022 — Present

Security Researcher

BugCrowd

Jan 2020 — Present

Cyber Security Engineer

Jobmofy (Germany)

Jan 2021 — Dec 2021

Volunteer Experience

HackerOne Ambassador

HackerOne

Aug 2024 — Present

Selected as a HackerOne Ambassador to represent and grow the bug bounty and ethical hacking community. Conducted community outreach, mentorship, and awareness sessions about responsible disclosure and vulnerability reporting. Supported new hackers by sharing knowledge, organizing events, and promoting best practices in cybersecurity.

Education

BSc Computer Science & Engineering

Uttara University, Uttara

Jan 2024

Civil Engineering

CTT Polytechnic Institute, Gazipur, Bangladesh

Dec 2020

Secondary School Certificate - Science

Idgah High School, Kapasia, Gazipur

Jan 2025

Certifications

Certified AppSec Practitioner (CAP)

The SecOps Group

Web Application Penetration Tester eXtreme

INE

Android Forensics with Belkasoft

Belkasoft

TryHackMe - Junior Penetration Tester Path

TryHackMe

PortSwigger Web Security Academy

PortSwigger

Achievements

1,000+

Valid Vulnerabilities

80

Critical Bugs (8%)

174

High Severity (17.4%)

454

Medium Severity (45.4%)

Hall of Fame: Google, NASA, Microsoft, ESET
Hall of Fame: Nokia, Dev.to, Ellucian, Eur.nl, KNB.nl, FMFW (crypto exchange)
Acknowledged by many other private and public programs
4th Place — SUST CTF, showcasing skills in real-world exploitation and problem-solving under pressure
Contributed to strengthening the security of numerous global platforms through detailed technical reports and PoCs

CTF & Community Contributions

Competed in various national-level CTF competitions, demonstrating strong problem-solving and technical skills

Regularly post cybersecurity-related write-ups on Medium.com

Delivered two talks on cybersecurity topics at the university's Cybersecurity Club

Contributed to open-source cybersecurity tools and projects, supporting the community by enhancing security tools and sharing insights

Languages

English

Proficient (C2)

Bengali

Proficient (C2)

References

Dr. A. H. M. Saifullah Sadi

Professor, Department of Software Engineering
Faculty of Science and Information Technology
Daffodil International University

Email: sadi.swe@diu.edu.bd
Phone: +8801795379956

Md. Wahidur Rahman

Advisor
Texas A&M University

Email: md_wahidur.rahman@students.tamuk.edu
Phone: +13612287384