VIKAS GOPAL SULTANE

Security Test Engineer | Web & API Penetration Tester | VAPT Analyst

+91-9022243296 | vikassultane214@gmail.com | Pune, Maharashtra

linkedin.com/in/vikas-sultane-82244322b | vikas-sultane.netlify.app | decoderx.pages.dev

Professional Summary

Security Test Engineer with 1+ year of hands-on experience in Web Application and API Penetration Testing (VAPT), specializing in identifying and exploiting vulnerabilities aligned with OWASP Top 10 and OWASP API Security Top 10. Successfully discovered and validated 15+ critical and high-severity vulnerabilities including IDOR/BOLA, SQL Injection, Privilege Escalation, Business Logic Flaws, and Authentication Bypass. Experienced in manual security testing, vulnerability assessment, proof-of-concept development, CVSS scoring, and remediation validation using Burp Suite, SQLMap, Postman, Python, and Linux-based security tools.

Work Experience

Security Test Engineer Apr 2025 - Present | Full-time

Vmedulife Software Pvt. Ltd. Pune, Maharashtra

Executed manual Web Application and API penetration testing; identified 15+ critical/high-severity vulnerabilities across staging environments - OWASP Top 10 and OWASP API Security Top 10 aligned.
Exploited IDOR/BOLA by manipulating object references to access unauthorized user records; chained with auth token reuse to demonstrate full account takeover across 3 user roles.
Discovered Blind and Boolean-based SQL Injection in API endpoints using manual payloads and SQLMap; bypassed WAF filters via encoding and fragmentation techniques.
Achieved unauthorized Privilege Escalation from standard user to admin-level access exposed both horizontal and vertical privilege flaws.
Identified Business Logic vulnerabilities: race conditions on OTP/coupon endpoints, rate limit bypass via IP rotation and X-Forwarded-For header spoofing, and workflow sequence manipulation.
Built and executed 100+ API security test cases covering mass assignment, excessive data exposure, broken function-level authorization, and CORS misconfiguration.
Delivered CVSS-scored vulnerability reports with PoC-backed evidence; collaborated with developers and QA on remediation tracked and verified sign-off for each finding.

Cybersecurity Intern Dec 2024 - Jan 2025 | Internship

Extion Infotech Remote

Conducted network vulnerability assessments using Nmap, Nessus, and Metasploit - identified 8+ critical misconfigurations across Windows-based systems.
Executed full penetration testing lifecycle: scoping, enumeration, exploitation, and professional reporting across 2 network segments.
Delivered structured mitigation reports with CVSS severity ratings and remediation steps for each identified finding.

Technical Skills

Security Testing: Web Application Security (OWASP Top 10), API Security Testing (OWASP API Top 10), VAPT, Business Logic Testing, Authentication & Authorization Testing, Session Management Testing, Privilege Escalation, Race Condition Testing, IDOR/BOLA Testing
OSINT & Reconnaissance: OSINT, GEOINT, SOCMINT, Metadata Analysis, Google Dorking, Shodan
Tools: Burp Suite, Postman, sqlmap, Nmap, Nessus, OpenVAS, Metasploit, Wireshark, OWASP ZAP, Acunetix
Programming: Python (automation, exploit scripting), Bash Scripting
Networking: TCP/IP, HTTP/HTTPS, DNS, TLS/SSL, Packet Analysis, Network Protocols
Platforms & OS: Kali Linux, Ubuntu, Windows 10/11
Reporting: CVSS Scoring, PoC Development, Vulnerability Reporting & Remediation

Projects

DecoderX - Security Encoding/Decoding Toolkit Nov 2025 - Dec 2025

React | Tailwind CSS | JavaScript decoderx.pages.dev

Built a browser-based security utility for real-time payload encoding/decoding directly applicable to web and API penetration testing workflows.
Supports Base64, Base64URL, URL Encoding, Hex, Binary, Unicode, HTML Entity, ROT13, and Reverse all formats commonly used in payload manipulation during security assessments.
Developed custom encoding/decoding logic with React + Tailwind CSS; optimized for low RAM usage and fast execution for real-time payload testing scenarios.

Personal Portfolio Website

HTML | CSS | JavaScript | Hosted on Netlify vikas-sultane.netlify.app

Designed and developed a personal portfolio website showcasing security projects, tools, and professional profile.
Built with vanilla HTML, CSS, and JavaScript; deployed on Netlify for fast, reliable static hosting.

Certifications

Advanced Cyber Security - TechUnique Academy
OSINT - CCI - TechUnique Academy
Linux - WsCube Tech
Web Fundamentals - Udemy
Computer Networks - Udemy

Education

B.Tech - Electronics & Telecommunication Engineering

Government College of Engineering, Yavatmal 2021 - 2025

HSC (Class XII) | 83%

Jijamata Vidyalaya And Jr College, Naya Andura 2020 - 2021

SSC (Class X) | 75%

Jijamata Vidyalaya And Jr College, Naya Andura 2018 - 2019