About me

Iā€™m Hossein Mahdavi, a bug bounty hunter and web application penetration tester from Iran. I specialize in finding vulnerabilities in web applications and turning complex security challenges into simple, actionable solutions. With speed, precision, and attention to detail, I ensure that every system I test is secure, functional, and resilient against attacks.

My work goes beyond identifying flaws ā€” I provide clear guidance for remediation and help teams implement fixes confidently. Active on Hackravan, I am passionate about raising real-world security standards and making web applications safer, more reliable, and trustworthy for users.

What I'm doing

  • Web App Penetration Testing

    Comprehensive security testing to protect your web applications from vulnerabilities.

  • Bug Bounty Hunting

    Discover and report critical bugs to make apps safer and more resilient.

  • Security Audits & Hardening

    Analyze and harden your systems to prevent attacks and data leaks.

  • Incident Response & Guidance

    Fast triage, actionable advice, and clear remediation for security incidents.

My skills

  • Web Application Security
    0%
  • Penetration Testing
    0%
  • Networking
    0%
  • Linux Security
    80%

Courses & Certifications

  • PHP

    Completed PHP programming course with practical projects and web development experience.

  • Python

    Completed Python programming course focusing on web development and automation.

  • JavaScript

    Advanced JavaScript course covering frontend frameworks and dynamic web apps.

  • Golang

    Completed Go programming course with focus on backend and concurrent systems.

  • CEH

    Certified Ethical Hacker course for penetration testing and cybersecurity fundamentals.

  • Network+

    Network+ certification course covering networking concepts and infrastructure.

  • OWASP

    Completed OWASP web security course with practical web app vulnerability testing.

  • Linux

    Linux administration and command-line proficiency course completed successfully.


Cybersecurity Roadmap

Upcoming Skills & Courses

  1. Web Application Penetration Testing

    Next 6 months

    Focus on OWASP Top 10 vulnerabilities, SQLi, XSS, CSRF, and practical web pentesting exercises.

  2. CEH (Certified Ethical Hacker)

    Next 9 months

    Complete the CEH course, covering footprinting, scanning, system hacking, and social engineering techniques.

  3. Network Security & Network+

    Next 18 months

    Learn network protocols, firewall configurations, IDS/IPS, and secure network architecture principles.

  4. Linux Security & Hardening

    Next 24 months

    Deep dive into Linux server security, permissions, SELinux, firewall rules, and secure service configuration.

  5. Advanced Exploit Development

    Next 36 months

    Develop skills in buffer overflow exploitation, reverse engineering, and crafting advanced payloads.