Vikas Gopal Sultane

Security Test Engineer | VAPT Analyst

Professional Summary

Security Test Engineer with 1+ year of hands-on experience in Web Application and API Penetration Testing (VAPT), specializing in identifying and exploiting vulnerabilities aligned with OWASP Top 10 and OWASP API Security Top 10 standards. Successfully discovered and validated 15+ critical and high-severity vulnerabilities, including IDOR/BOLA, SQL Injection, Privilege Escalation, Business Logic Flaws, and Authentication Bypass. Proficient in manual security testing, vulnerability assessment, proof-of-concept (PoC) development, CVSS scoring, and remediation validation utilizing Burp Suite, SQLMap, Postman, Python, and Linux-based security tools.

Work Experience

  • Executed manual Web Application and API penetration testing; identified 15+ critical and high-severity vulnerabilities across staging environments, strictly aligning with OWASP Top 10 and OWASP API Security Top 10.
  • Exploited IDOR/BOLA by manipulating object references to access unauthorized user records; successfully chained this with authentication token reuse to demonstrate full account takeover across 3 distinct user roles.
  • Discovered Blind and Boolean-based SQL Injection in API endpoints using manual payloads and SQLMap; bypassed Web Application Firewall (WAF) filters via strategic encoding and fragmentation techniques.
  • Achieved unauthorized Privilege Escalation from a standard user to admin-level access, exposing both horizontal and vertical privilege flaws.
  • Identified critical Business Logic vulnerabilities, including race conditions on OTP/coupon endpoints, rate limit bypass via IP rotation, X-Forwarded-For header spoofing, and workflow sequence manipulation.
  • Built and executed 100+ comprehensive API security test cases covering mass assignment, excessive data exposure, broken function-level authorization, and CORS misconfigurations.
  • Delivered detailed, CVSS-scored vulnerability reports backed by PoC evidence; collaborated closely with developers and QA teams to track remediation progress and verified final sign-off for each finding.
  • Conducted rigorous network vulnerability assessments utilizing Nmap, Nessus, and Metasploit, successfully identifying 8+ critical misconfigurations across Windows-based systems.
  • Executed the full penetration testing lifecycle: scoping, enumeration, exploitation, and professional reporting across 2 distinct network segments.
  • Delivered structured mitigation reports featuring accurate CVSS severity ratings and actionable remediation steps for every identified finding.

Technical Skills

Security Testing: Web Application Security (OWASP Top 10), API Security Testing (OWASP API Top 10), VAPT, Business Logic Testing, Authentication & Authorization Testing, Session Management, Privilege Escalation, Race Conditions, IDOR/BOLA.
OSINT & Recon: OSINT, GEOINT, SOCMINT, Metadata Analysis, Google Dorking, Shodan.
Security Tools: Burp Suite, Postman, SQLMap, Nmap, Nessus, OpenVAS, Metasploit, Wireshark, OWASP ZAP, Acunetix.
Programming: Python (Automation, Exploit Scripting), Bash Scripting.
Networking & OS: TCP/IP, HTTP/HTTPS, DNS, TLS/SSL, Kali Linux, Ubuntu, Windows 10/11.

Projects

React • Tailwind CSS • JavaScript | decoderx.pages.dev
  • Engineered a browser-based security utility for real-time payload encoding and decoding, directly applicable to modern web and API penetration testing workflows.
  • Integrated support for Base64, Base64URL, URL Encoding, Hex, Binary, Unicode, HTML Entity, ROT13, and Reverse—encompassing all formats frequently utilized in payload manipulation during sophisticated security assessments.
  • Developed custom encoding/decoding logic leveraging React and Tailwind CSS; optimized the architecture for minimal RAM footprint and instantaneous execution in real-time testing scenarios.
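The encoding set listed above, as an added illustration that is not the decoderx project's own code: a plain Node.js module (assumes Node 16+, where Buffer is global) implementing the same formats plus a chain helper for the double and mixed encodings used when probing filters. Codec names and the `encodeChain`/`decodeChain` helpers are this example's own.

```javascript
// Added example (not decoderx source): payload encoders/decoders for
// web/API testing, with a chain helper for stacked encodings.
// Assumes Node.js >= 16 (global Buffer, String.fromCodePoint).

const utf8 = (s) => Buffer.from(s, 'utf8');

// ROT13 is its own inverse, so one function serves encode and decode.
const rot13 = (s) =>
  s.replace(/[a-zA-Z]/g, (c) => {
    const base = c <= 'Z' ? 65 : 97;
    return String.fromCharCode(((c.charCodeAt(0) - base + 13) % 26) + base);
  });

const codecs = {
  base64: {
    encode: (s) => utf8(s).toString('base64'),
    decode: (s) => Buffer.from(s, 'base64').toString('utf8'),
  },
  // RFC 4648 section 5 alphabet: '+' -> '-', '/' -> '_', padding stripped.
  base64url: {
    encode: (s) => utf8(s).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, ''),
    decode: (s) => {
      const std = s.replace(/-/g, '+').replace(/_/g, '/');
      const pad = std.length % 4 === 0 ? '' : '='.repeat(4 - (std.length % 4));
      return Buffer.from(std + pad, 'base64').toString('utf8');
    },
  },
  // Percent-encodes every byte (not only the reserved set encodeURIComponent
  // touches), which is what you want when testing whether a filter normalises.
  url: {
    encode: (s) => [...utf8(s)].map((b) => '%' + b.toString(16).toUpperCase().padStart(2, '0')).join(''),
    decode: (s) => decodeURIComponent(s),
  },
  hex: {
    encode: (s) => utf8(s).toString('hex'),
    decode: (s) => Buffer.from(s, 'hex').toString('utf8'),
  },
  // One 8-bit group per UTF-8 byte, space separated.
  binary: {
    encode: (s) => [...utf8(s)].map((b) => b.toString(2).padStart(8, '0')).join(' '),
    decode: (s) => Buffer.from(s.trim().split(/\s+/).map((g) => parseInt(g, 2))).toString('utf8'),
  },
  // JavaScript-style \uXXXX escapes, one per UTF-16 code unit.
  unicode: {
    encode: (s) => s.split('').map((c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0')).join(''),
    decode: (s) => s.replace(/\\u([0-9a-fA-F]{4})/g, (_, h) => String.fromCharCode(parseInt(h, 16))),
  },
  // Escapes the five characters that matter in HTML; decodes numeric and the
  // common named entities. A single pass, so "&amp;lt;" decodes to "&lt;", not "<".
  html: {
    encode: (s) => s.replace(/[&<>"']/g, (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' }[c])),
    decode: (s) => s
      .replace(/&#x([0-9a-fA-F]+);/g, (_, h) => String.fromCodePoint(parseInt(h, 16)))
      .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)))
      .replace(/&(amp|lt|gt|quot|apos);/g, (_, n) => ({ amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" }[n])),
  },
  rot13: { encode: rot13, decode: rot13 },
  // Code-point aware reversal, so multi-unit characters are not split.
  reverse: {
    encode: (s) => [...s].reverse().join(''),
    decode: (s) => [...s].reverse().join(''),
  },
};

function getCodec(name) {
  const c = codecs[name];
  if (!c) throw new Error(`unknown codec: ${name}`);
  return c;
}

// Apply codecs left to right, e.g. ['url', 'base64'] URL-encodes first, then base64s.
function encodeChain(payload, names) {
  return names.reduce((acc, n) => getCodec(n).encode(acc), payload);
}

// Undo a chain by applying the decoders in reverse order.
function decodeChain(payload, names) {
  return [...names].reverse().reduce((acc, n) => getCodec(n).decode(acc), payload);
}

// Constructed sample payload for a quick manual run.
const samplePayload = "<script>alert('x')</script>";
console.log(encodeChain(samplePayload, ['url', 'base64']));
console.log(decodeChain(encodeChain(samplePayload, ['url', 'base64']), ['url', 'base64']));
```

The chain helper is the piece worth copying: stacking `url` twice, or `url` then `base64`, is how you check whether a WAF decodes only one layer before matching while the backend decodes all of them.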

HTML • CSS • JavaScript • Netlify | vikas-sultane.netlify.app
  • Architected and developed a responsive personal portfolio website to showcase professional security projects, proprietary tools, and career milestones.
  • Built utilizing pure HTML, CSS, and JavaScript, and successfully deployed via Netlify to ensure high availability and fast static asset delivery.