Muhammad Asim Shahzad
With over 5 years of hands-on experience in vulnerability assessment and penetration testing, along with a solid background of 10+ years in Bug Bounty Hunting. Extensive expertise in Web, Mobile Apps (iOS / Android), and AWS Cloud Security domains, coupled with a strong background in Network/Infrastructure Vulnerability Assessment and Penetration Testing. Holds a Bachelor's degree in Computer Science and boasts a diverse array of notable cyber security certifications and achievements, including eLearnSecurity Certified Professional Penetration Tester (eCPPT), Certified Red Team Professional (CRTP), Certified Ethical Hacker (CEH), Certified Web Application Security Professional (CWASP), and eLearnSecurity Web Application Penetration Testing eXtreme (eWPTXv2).
Recognized by industry leaders such as Microsoft, Google, Facebook, Salesforce, Dropbox, and Snapchat etc. Consistently ranked among HackerOne's top one hundred hackers for three consecutive years (2014 to 2016). Distinguished participation in the prestigious Live Hacking Competition H1-702 held in Las Vegas, organized by HackerOne and an active member of the Synack Red Team (SRT).
Web Application Penetration Testing
Mobile Penetration Testing (iOS / Android)
Source Code Review
Docker Penetration Testing
Cloud Security Assessment
Education & Experience
Bachelors in Computer Science
Jinnah Govt. College (FSC)
Programmer School (HSC)
Manager & Team Lead Penetration Testing at Bank AL Habib Limited
April 2021 - Present
Unit Head - Application Security Lead at BankIslami Pakistan Limited
Dec 2019 - April 2021
Sr. Pentest Engineer at Trillium Information Security Systems
April 2019 - Oct 2019
Information Security Analyst at JS Bank
Oct 2018 - April 2019
Cyber Security Trainer at Elevate Pakistan
Jan 2018 to Dec 2019
Bug Bounty Hunter at HackerOne & Bugcrowd
2013 to Present
Red Team Member at Synack
May 2019 - Present
What I do
I am a Penetration Tester who
cares about the Information Security
Working on platforms like HackerOne, Synack, and some other cybersecurity platforms since 2013. We guaranteed you to convey the best assistance according to your necessity and eagerness to deal with this task. We have attended multiple live hacking competitions in Las Vegas organized by HackerOne & secured a good rank by highlighting some 0-days on well-known international companies' products.
Hunted more than 500 international companies including Microsoft, Facebook, Google, Snapchat, Dropbox, Salesforce, etc. Listed on the top hundred hackers of the World's biggest hackers community (HackerOne) for consecutive 3 years.
The penetration testing services i provide, help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights into the overall business impact of a cyber-attack.
Perform security assessments of the organization's Networks & Infrastructure, Web Applications, Database Security and Hardening, Mobile Applications (Android & iOS), Reverse Engineering, Secure Web Development, Source Code Review, IoT Devices such as thin clients. ATMs, Hardening of CMS such as WordPress, etc...
Help organizations to develop secure products by following the Secure Architecture Design and Review leads organizations through an in-depth assessment of their existing network infrastructure and implemented design against industry best practices & addresses network security loopholes to ensure the CIA triad.
Offering the following Cybersecurity Training:
1- Bug Bounty Hunting Training
2- Web Application Penetration Testing Training
3- Mobile Application Penetration Testing Training
4- Network Penetration Testing Training
5- Cyber Security Awareness Training (For Corporates)
6- Cyber Security Employee Awareness Training
7- Email Security Training
8- Network & Infrastructure Security Training
9- Mobile Device Security Training
Cybersecurity Training & Sessions
Live Hacking Competition