🎯 Aspiring Cybersecurity Engineer | OWASP Contributor | GSoC 2026 Aspirant
🔐 Focused on Web Security, Open Source & Security Automation

I am a cybersecurity enthusiast passionate about:

• Web penetration testing
• Open-source security tools
• Writing clear, practical security documentation
• Automating security testing workflows

I actively contribute to OWASP projects and am preparing for Google Summer of Code (GSoC) 2026 with a strong focus on real-world security tooling.

I am actively preparing for Google Summer of Code 2026, with a primary interest in:

• OWASP Dependency-Check
• OWASP WSTG
• OWASP tooling & documentation automation

My focus areas:

• Improving security tooling reliability
• Documentation → code alignment
• Reducing false positives & improving developer experience

I am currently working on issues, PR reviews, and design discussions related to these areas.

• 📘 Documentation: External data sources & hostnames — #8219

• Documented all external data sources and hostnames contacted by Dependency-Check based on enabled analyzers and configuration
• Added a clear, auditable table to help organizations with restricted or air-gapped networks create accurate allow-lists
• Verified hostnames directly from the codebase and clarified indirect vs analyzer-specific network access
• Improved enterprise adoption and reduced recurring support questions
• Merged into main and included in release milestone 12.2.1

• ✍️ Improve API docs (ToC, guidance) — #247
• Added general guidance for using the ZAP API with curl, addressing common pitfalls such as parameter encoding and boolean handling
• Improved API usability without modifying generated or endpoint-specific documentation
• Incorporated maintainer feedback to keep the change narrowly scoped and maintainable
• Reduced recurring user errors when interacting with the ZAP API via curl

• 📝 Fixed outdated cache-control security guidance by aligning recommendations with modern browser behavior and current best practices (e.g., Cache-Control: no-store), improving the accuracy of security testing outcomes and reducing tester confusion. #1291

🎮 Playful STRIDE-aligned AA4 card description — #2113

• Authored a humorous, scenario-driven threat description aligned with MASVS and MASTG
• Followed established STRIDE categorization patterns (AA2/AA3 examples)
• Reviewed and merged by project maintainers

• Platform-related improvements across backend and frontend components
  PRs currently under maintainer review

🔹 Repository: security-writeups
Includes:

• Vulnerability write-ups (PDFs)
• Header scanning tool
• URL parameter discovery script
• OWASP ZAP automation scripts

🔗 https://github.com/SachinAditya/security-writeups

• Web Penetration Testing (OWASP Top 10)
• XSS, SQLi, IDOR, CSRF, SSRF
• Recon & vulnerability discovery
• OWASP ZAP automation
• Secure coding practices

All security research and testing is performed only on:

• Legal labs
• Test environments
• Systems with explicit permission

No illegal or unauthorized testing.

• GitHub: https://github.com/SachinAditya
• LinkedIn: https://linkedin.com/in/aditya-devraj-sachin

⭐ Always open to collaboration, open-source contributions, and security discussions.