About Me | I'm Gaurav Narwani

I'm Gaurav Narwani

Computer Engineering graduate, web designer, developer and a security researcher looking forward to craft solutions to difficult problems in survivable cyber-physical systems and enterprise information systems. Keen technician and software programmer with extensive experience of online security packages and tools. Have experience triaging for various vulnerability disclosure programs and am among top researchers on bugcrowd, hackerone and synack

I make things

I love to work on variety of projects which are mostly open sourced. You can find my other projects on Github.

Trishul (link)

Trishul is an automated vulnerability finding Burp Extension. Built with Jython supports real-time vulnerability detection in multiple requests with user-friendly output. This tool was made to supplement testing where results have to be found in a limited amount of time. Currently, the tool supports finding of Cross-Site Scripting, SQL Injections and Server-Side Template Injections. More vulnerabilities would be added in the later versions.

I break things

I hunt on various bug bounty platforms, including Bugcrowd, Hackerone, and Synack.
I sit in front of my laptop, start researching various security areas and find vulnerabilities in websites that can cause harm to us in some way. I have made this website to post about my findings.

I participate in Hackathons & CTFs

I have participated in numerous hackathons and CTFs winning in some of them

Some other participations:

I give Talks

I shared my approach and views regarding OWASP top 10 vulnerabilities and their mitigation at The Test Tribe Meetup on the 22nd of Sept 2019. It was remarkable at the same time nerve-wracking experience for me to present an hour-long session to an audience who were individuals from the industry carrying years of experience.

Here’s the link to my presentation and the required demo videos: https://tiny.cc/rhg1yy

More talks and videos at: https://gauravnarwani.com/talks/