Automate Jenkins — SonarQube integration. Get lazy.

A good sign of a secure application is when both dynamic and static assessment find bugs before anyone else can weaponize them against the application in production. It gets challenging, though, when the number of application repositories is high and you don't want to miss any major vulnerabilities, since many security issues can be caught in a thorough code review. Now assume you have 100+ repositories and want to check code quality, find bugs, vulnerabilities and code smells (i.e., perform static application security testing, SAST) on every one of them before the code goes public.

Using these, you can implement…
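The scenario above comes down to one question: how do you make the SonarQube scan and its verdict part of every build without a human remembering to run it? The declarative Jenkinsfile below is an added example, not code from the original post. It assumes a SonarQube server registered in Jenkins under the name 'SonarQube' (Manage Jenkins > Configure System), a Maven project, the SonarQube Scanner for Jenkins plugin (which provides the withSonarQubeEnv and waitForQualityGate steps), and a SonarQube webhook pointing back at Jenkins so the Quality Gate result arrives instead of the wait timing out. The project key is derived from JOB_BASE_NAME as a convenience; pick whatever naming your SonarQube instance already uses.

```groovy
// Added example: run a SonarQube analysis on every build and refuse to continue
// to the release stage when the project's Quality Gate fails.
// Assumptions (not from the original post): Jenkins knows a SonarQube server
// named 'SonarQube', the project builds with Maven, the SonarQube Scanner for
// Jenkins plugin is installed, and SonarQube has a webhook to this Jenkins.
pipeline {
    agent any

    stages {
        stage('Build') {
            steps {
                sh 'mvn -B -DskipTests clean package'
            }
        }

        stage('SonarQube analysis') {
            steps {
                // withSonarQubeEnv injects the server URL and the token configured
                // in Jenkins, so no credentials are hard-coded in the repository.
                withSonarQubeEnv('SonarQube') {
                    sh 'mvn -B sonar:sonar -Dsonar.projectKey="${JOB_BASE_NAME}"'
                }
            }
        }

        stage('Quality Gate') {
            steps {
                // Block until SonarQube reports the gate status for this analysis.
                // abortPipeline: true fails the build on a red gate, which is the
                // point: code that trips the gate never reaches the release stage.
                // The timeout is a safety net for a missing or broken webhook.
                timeout(time: 15, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }

        stage('Release') {
            when {
                branch 'main'
            }
            steps {
                sh 'echo "Quality gate passed, proceeding with release"'
            }
        }
    }
}
```

To cover 100+ repositories with this, check the same Jenkinsfile into each repository (or move the stages into a Jenkins shared library and leave a one-line Jenkinsfile per repo) and let a Multibranch Pipeline or GitHub Organization folder discover them; every new branch and pull request then gets the scan and the gate automatically, which is the "get lazy" part of the title. For non-Maven projects, replace the `mvn sonar:sonar` invocation with the sonar-scanner CLI inside the same withSonarQubeEnv block.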

Setting up an Android testing environment by creating a rooted AVD in Android Studio, if you're looking for a platform other than Genymotion

For a security enthusiast, a rooted Android device is essential for performing dynamic assessments of Android applications. You either rely on a physical device or a virtual one. The disadvantages of a physical device are the cost it incurs, the malfunctions you may cause when rooting it if a step goes wrong, or, worse, leaving the device non-functional (bricked). A bricked device essentially means that the device will not function at all, unless remediating measures…


Since the advent of smartphones around 2010, Android has grown substantially as a choice of smartphone operating system, alongside iOS. So much so that statistics show Android has a worldwide market share of 86.6%. Android is built on top of the Linux kernel, and its main contributor, as well as its commercial marketer, is Google. Just as Windows uses the .exe format for its executables, Android applications are packaged in the .apk format.

With Android capturing the attention of consumer media, it has also grabbed the attention of the cyber security world. Issues such as untrusted APKs, phishing via…

My review of the AWAE course and the corresponding OSWE exam

I personally love The Web Application Hacker's Handbook, since it is regarded as the Bible of black-box web application security testing by many web application security researchers and bug bounty hunters. The book speaks heavily about finding security issues that lie in a web application without having access to its source code. But some issues are harder to find and not easy to spot, just because they lie deep down as a mystery in the source code. …

It was a 9-month journey, but on the 8th of February I passed and became an OSCP on my first attempt.


Before I begin, I would like to thank a couple of people who made this amazing milestone come true.

First, I want to dedicate this post to my parents. Thank you for giving me the time to focus on this and also to prepare for this journey. I know during my journey I did not get to spend much time with you since I was pretty much on the computer every single day just prepping for this. I cannot…


A security professional. I break things. I fix things. OSCP. OSWE. Spreading the knowledge :)
