Open to opportunities

Hi, I’m Sefat Khan

Ethical Hacker & Cyber Security Specialist

I help teams find and fix vulnerabilities before attackers do. From recon and exploitation to remediation and defense‑in‑depth, I deliver practical security improvements and clear, actionable reports.

Skills


Penetration Testing

Red-team mindset with practical exploitation and crisp remediation reports.

  • OWASP
  • Burp
  • Auth

Vulnerability Assessment

Systematic scanning, prioritization, and actionable risk reduction plans.

  • Nmap
  • Nessus
  • CVSS

Web Security

Secure coding, hardened authN/Z, and modern appsec headers & patterns.

  • JWT
  • CSP
  • OAuth

Network Security

Hardening, segmentation, IDS/IPS tuning, and incident response drills.

  • SIEM
  • Zero Trust
  • WAF

Digital Forensics

Evidence handling, timeline analysis, and clear chain‑of‑custody.

  • DFIR
  • Memory
  • Artifacts

Bug Bounty

Efficient recon, high‑signal findings, and professional disclosure.

  • Recon
  • PoC
  • Reporting

Cyber Awareness

Engaging training, phishing simulations, and measurable culture shifts.

  • Workshops
  • Playbooks
  • Policy

Certifications

CEH

Certified Ethical Hacker

Demonstrates practical knowledge of attack vectors, exploitation, and mitigation.

Provider: EC‑Council · Focus: Red Team

OSCP

Offensive Security Certified Professional

Hands‑on penetration testing with proctored exam and real‑world exploitation.

Provider: OffSec · Focus: Exploitation

Sec+

CompTIA Security+

Foundation in security principles, risk management, and network protection.

Provider: CompTIA · Focus: Fundamentals

Projects & Case Studies

Web App PenTest

Security

End‑to‑end web application penetration test: uncovered auth bypass and stored XSS; delivered fixes, security headers, and regression tests.

  • OWASP
  • Burp
  • CSP

Report · XSS · Hardening

Network Hardening

Infra

Network hardening engagement: segmentation, IDS/IPS tuning, and SIEM alerting to reduce MTTD/MTTR and blast radius.

  • SIEM
  • IDS/IPS
  • Zero Trust

Baseline · Monitoring · Playbooks

Bug Bounty Findings

Disclosure

Coordinated vulnerability disclosures with reproducible PoCs, severity assessment, and clear impact narratives.

  • Recon
  • PoC
  • Reporting

Disclosure · Write‑up · Credits

Blog

Hardening Next.js Apps

Guide

Sep 2025 · Security Engineering · 8 min read

Modern security headers, auth patterns, and CI checks that raise the baseline for Next.js deployments.

  • CSP
  • OAuth
  • Headers

From Recon to Report

Bounty

Aug 2025 · Bug Bounty · 7 min read

A repeatable approach for finding meaningful issues and writing clear, actionable reports.

  • Recon
  • PoC
  • Write‑ups

Zero‑Trust for Small Teams

Architecture

Jul 2025 · Architecture · 6 min read

Lightweight steps that dramatically reduce blast radius without slowing delivery.

  • SSO
  • RBAC
  • Network

Practical CSP: From None to Strict

Guide

Jun 2025 · Web Security · 9 min read

How to iteratively deploy CSP safely, avoid common pitfalls, and actually block XSS.

  • CSP
  • Nonce
  • Report‑Only

Testimonials

“Sefat identified a critical auth bypass in days and guided our team to a robust fix without slowing delivery.”

CTO, SaaS Startup · Web App Penetration Test

“Clear, actionable reports. Our MTTD dropped significantly after his SIEM + IDS/IPS tuning recommendations.”

Head of Infra, Fintech · Network Hardening

“Professional, ethical, and thorough. Coordinated disclosure handled flawlessly with reproducible PoCs.”

Security Lead, Marketplace · Responsible Disclosure

About Me

  • 🏙️ Based in Pirojpur, Barisal, Bangladesh
  • 🟢 Open to Work
  • 📅 5+ Years Experience

I’m a security‑focused full‑stack developer who loves building fast, accessible experiences—and breaking things (responsibly) to make them stronger. I blend engineering discipline with an attacker mindset to design, test, and ship software that’s delightful to use and difficult to abuse.

Recent work: hardening cloud‑native apps, leading red‑team style reviews, building CI/CD guardrails, and mentoring teams on secure‑by‑default patterns.

Stack: TypeScript · Next.js · Node.js · Docker · PostgreSQL · Burp · Nmap · OWASP

  • Penetration Testing

    Web, mobile, and API testing with actionable remediation.
  • Secure Engineering

    Threat modeling, least‑privilege, and secure‑by‑default design.
  • Automation & Tooling

    CI checks, SAST/DAST pipelines, and custom scripts.
  • Security Culture

    Workshops, playbooks, and empathetic collaboration with teams.
