Amal PK.

Application Security Analyst; freelance VAPT, web, mobile & API pentesting, and source code review.

Kerala, India · Available for freelance engagements

email[email protected] tel+91 90744 90755 View CV ↗

Services

/01

Web Application Pentesting

Manual testing focused on access control, authentication, and business logic - the flaws scanners consistently miss. Findings come with clear reproduction steps and severity.

/02

API & Mobile Pentesting

Security testing for REST and GraphQL APIs and Android/iOS applications. Covers authentication, authorization, object-level access, and sensitive data exposure.

/03

Source Code Review

Reviewing application source to find vulnerabilities at their origin. Useful where black-box testing can't reach, and to confirm the root cause behind a finding.

/04

VAPT & Advisory

End-to-end vulnerability assessment with prioritized, reproducible findings. Includes remediation guidance and retesting once fixes are in place.

Recognition

Responsible disclosure of security vulnerabilities, acknowledged by the following organizations.

Hall of Fame · NASA 2022

Hall of Fame · Lenovo 2024

Hall of Fame · CERT-EU 2025

Hall of Fame · GEA 2024

Certifications

Burp Suite Certified Practitioner BSCP PortSwigger

Certified Ethical Hacker CEH EC-Council

Certified AppSec Practitioner CAP The SecOps Group

Certified Network Security Practitioner CNSP The SecOps Group

Certified Penetration Tester CPT RedTeam Hacker Academy

Certified Blockchain Practitioner CBP The SecOps Group

Hack The Box - Pro Labs: Dante, P.O.O

Writeups

Introduction to Android Security Architecture↗ blog HackTheBox: Fluffy Walkthrough — Windows Seasonal Box↗ blog Dependency Confusion↗ blog

Experience

Jan 2025 - Present

HackIT Technology & Advisory Services - Security Analyst (VAPT)

Web, API, and mobile application pentesting across black, grey, and white box engagements. Own client engagements end to end - scoping, communication, and reporting - delivering findings with severity, reproduction steps, and remediation guidance

Sep 2024 - Jan 2025

HackIT Technology & Advisory Services - Security Analyst Intern (VAPT)

Hands-on application security testing and reporting.

Feb 2025 - Present

Information Security Research Association - Chapter Coordinator

Lead chapter operations and coordinate cybersecurity initiatives across the Kochi community. Organize workshops, seminars, and CTF events for students and security professionals.

About

I'm Amal, an application security analyst focused on web, mobile, and API security. I find the vulnerabilities that actually matter, explain them clearly, and help engineers fix them - whether that's through my day-to-day work or freelance engagements.

I work hands-on and stay close to the research, sharpening through CTFs and ongoing study. For freelance clients that means thorough, manual testing and reporting you can actually act on - not just a scanner dump.

Contact

Phone

BLUESKY

X / Twitter

Résumé