APPLICATION SECURITY ENGINEER

Akash Bhavsar

akash@appsec:~$ whoami

AppSec Engineer · OSCP+ · ex-Full-Stack Developer

OSCP+ certified AppSec engineer with 8+ years bridging full-stack development, penetration testing, and DevSecOps. I break things, then help teams build them back stronger.

Read Writeups → View Projects

8+

Years Experience

OSCP+

Certified · Dec 2025

50+

Security Assessments

26

HTB Writeups

About

I'm an OSCP+ certified Application Security Engineer at Sydney Tools. I came up as a Senior Full Stack Developer, so I know where developers cut corners — and I write remediation that actually ships.

// offensive

Web & API pentesting — Burp Pro, Caido, SQLMap
AD attacks & privesc — BloodHound, Impacket, Rubeus
CVE research · Hack The Box practitioner

// defensive

Secure code review — Semgrep, CodeQL, Brakeman
DevSecOps pipelines — Snyk, SonarQube, Trivy
Cloud hardening — AWS, GCP, K8s RBAC

// full-stack

Python, Node.js, React, Vue, Next.js
Docker, Kubernetes, Terraform, CI/CD
Postgres, MongoDB, REST & GraphQL APIs

OSCP+ · Verify HTB · Profile Full detail · About page

Security isn't about saying no. It's about finding ways to say yes, securely.

Projects

// ot-soc-in-a-box

OT SOC-in-a-Box

A containerized Security Operations Center for industrial control systems (OT/ICS), simulating a complete OT environment with a 7-phase attack simulation, cu...

DockerSuricataWazuhMITRE ICS

// wazuh-soar-automation

Wazuh SOAR Automation

A Docker-based SIEM and SOAR platform integrating Wazuh Manager, OpenSearch, and a web dashboard for centralized security monitoring. Provides automated thre...

DockerWazuhOpenSearchSOAR

// dionaea-honeypot-elk

Dionaea Honeypot with ELK Stack

A honeypot solution combining the Dionaea framework with the ELK stack (Elasticsearch, Logstash, Kibana) for real-time attack capture and analysis. Monitors ...

DionaeaElasticsearchLogstashKibana

// aws-waf-ops-suite

AWS WAF Security Operations Suite

A production-grade AWS WAF deployment protecting web applications against OWASP Top 10 threats. Deploys 10 custom WAF rules (SQLi, XSS, rate limiting, bot de...

AWS WAFCloudFrontPythonboto3

// htb.writeups

Hack The Box Writeups

Machine walkthroughs — recon, exploitation, and privilege escalation notes from HTB.

BurpNmapBloodHoundImpacket

Contact

GitHub LinkedIn HTB Email