Gouthaman G — final-year B.Tech Cybersecurity student building toward a career in VAPT and application security, one CTF flag and one custom-built scanner at a time.
I'm a final-year B.Tech Cybersecurity student at Amrita Vishwa Vidyapeetham, Coimbatore, graduating in 2027. My core focus is Vulnerability Assessment & Penetration Testing (VAPT) — I'm currently working toward the Practical Junior Penetration Tester (PJPT) certification and building my offensive security fundamentals through structured lab work on PortSwigger's Web Security Academy.
API security is one of the domains I specialize in within that broader VAPT practice — it's where a lot of my project work lives, because API attack surfaces (BOLA, broken auth, GraphQL misconfigurations) reward exactly the kind of tool-building I enjoy. But my interests extend across web app pentesting, network security, and competitive security research through CTFs.
I learn best by building — if I want to understand a vulnerability class properly, I write a scanner that finds it, then test it against deliberately vulnerable labs until it holds up.
Structured, methodology-driven assessment of web applications and networks — working toward PJPT while practicing on PortSwigger's Web Security Academy and lab environments like crAPI and DVGA.
My specialization within VAPT. Deep, hands-on work with the OWASP API Top 10 — BOLA, mass assignment, broken auth, GraphQL misconfigurations — expressed through Aegis-API and a schema-aware zero-trust gateway.
Sharpening the same instincts under time pressure with Team Hunter — crypto, pwn, web, and reversing across 60+ CTF events, ranked 68th globally and 7th in India in 2026.
A multi-protocol API penetration testing framework I built to properly understand the OWASP API Security Top 10 — not just read about it. It scans REST, SOAP, and GraphQL services end to end: discovering endpoints via Swagger/OpenAPI and WSDL enumeration, mapping GraphQL schemas through introspection, then actively probing for the vulnerability classes that matter most in modern APIs.
An in-progress security gateway that stops one of the most common real-world GraphQL failures: Broken Object Level Authorization. Instead of trusting a resolver to check permissions correctly, the gateway enforces authorization at the schema level under a zero-trust model — every field access is validated against the requester's actual permissions, regardless of what the query looks like.
A network intrusion prevention system built to understand detection and response at the packet level. It inspects traffic in real time with Scapy and enforces blocking decisions dynamically through iptables, rather than relying on static, pre-defined rules alone.
I compete with Team Hunter, an academic CTF team from Amrita Vishwa Vidyapeetham. We're driven by curiosity and a love for hard problems — crypto, pwn, web, and reversing — and we aim to learn something new with every flag we capture.
In 2026 the team placed 68th globally and 7th in India across 60+ competitive events, with several podium and top-5 finishes along the way.