🎯 Cybersecurity Enthusiast | OWASP Open-Source Contributor | GSoC 2026 Aspirant
🔐 Focused on Web Security, Open Source & Security Automation
I am a cybersecurity enthusiast passionate about:
- Web penetration testing
- Open-source security tools
- Writing clear, practical security documentation
- Automating security testing workflows
I actively contribute to OWASP projects and am preparing for Google Summer of Code (GSoC) 2026 with a strong focus on real-world security tooling.
I am actively preparing for Google Summer of Code 2026, with a primary interest in:
- OWASP Dependency-Check
- OWASP WSTG
- OWASP tooling & documentation automation
- OWASP Cornucopia
My focus areas:
- Improving security tooling reliability
- Documentation → code alignment
- Reducing false positives & improving developer experience
I am currently working on issues, PR reviews, and design discussions related to these areas.
• OWASP Cornucopia – Hindi card deck translation & improvements
• OWASP Dependency-Check – External data source documentation
• OWASP WSTG – Updated cache-control testing guidance
• OWASP ZAP API Docs – API usage improvements
• OWASP OWTF – Security improvements to external links
🎮 Playful STRIDE-aligned AA4 card description — #2113
- Authored a humorous, scenario-driven threat description aligned with MASVS and MASTG
- Followed established STRIDE categorization patterns (AA2/AA3 examples)
- Reviewed and merged by project maintainers
🌍 Complete Hindi Translation of WebApp Card Deck — #2247 Authored the full Hindi translation for all suits, cards, and paragraphs Preserved structure, IDs, URLs, and ordering to maintain compatibility Addressed reviewer feedback (card swaps, wording clarifications, consistency updates) Successfully merged into the master branch
🌍 Hindi Localization Improvements — #2565
- Improved translation accuracy and readability
- Ensured technical terminology aligned with the English source
- Collaborated with maintainers and community reviewers
✅ OWASP Dependency-Check 📘 Documentation: External data sources & hostnames — #8219 Documented all external data sources and hostnames contacted by Dependency-Check based on enabled analyzers and configuration Added a clear, auditable table to help organizations with restricted or air-gapped networks create accurate allow-lists Verified hostnames directly from the codebase and clarified indirect vs analyzer-specific network access Improved enterprise adoption and reduced recurring support questions Merged into main and included in release milestone 12.2.1
- ✍️ Improve API docs (ToC, guidance) — #247
- Added general guidance for using the ZAP API with curl, addressing common pitfalls such as parameter encoding and boolean handling
- Improved API usability without modifying generated or endpoint-specific documentation
- Incorporated maintainer feedback to keep the change narrowly scoped and maintainable
- Reduced recurring user errors when interacting with the ZAP API via curl
- 📝 Fixed outdated cache-control security guidance by aligning recommendations with modern browser behavior and current best practices (e.g., Cache-Control: no-store), improving the accuracy of security testing outcomes and reducing tester confusion. #1291
- 🔒 Fixed broken external documentation links and improved external link security — #1345
- Added
rel="noopener noreferrer"to prevent reverse tabnabbing attacks - Removed outdated IRC (Freenode) reference and aligned with current OWASP communication channels
- Addressed maintainer feedback and successfully merged into
develop
📊 Multiple merged PRs across OWASP projects including Cornucopia, WSTG, OWTF, Dependency-Check, and ZAP.
🔹 Repository: security-writeups
Includes:
- Vulnerability write-ups (PDFs)
- Header scanning tool
- URL parameter discovery script
- OWASP ZAP automation scripts
- Web Penetration Testing (OWASP Top 10)
- XSS, SQLi, IDOR, CSRF, SSRF
- Recon & vulnerability discovery
- OWASP ZAP automation
- Secure coding practices
All security research and testing is performed only on:
- Legal labs
- Test environments
- Systems with explicit permission
No illegal or unauthorized testing.
- GitHub: https://github.com/SachinAditya
- LinkedIn: https://linkedin.com/in/aditya-devraj-sachin
⭐ Always open to collaboration, open-source contributions, and security discussions.
