Hi, I'm Sharique Baig
I'm a cybersecurity professional specializing in penetration testing, vulnerability assessment, and security consulting.
With hands-on experience conducting real-world security assessments for e-commerce platforms and academic systems, I combine technical depth with practical offensive security skills. My approach follows industry-standard methodologies (OWASP WSTG, OWASP Top 10), and I deliver actionable findings with complete remediation roadmaps.
Beyond security testing, I bring expertise in full-stack development, AI/ML, and embedded systems, giving me a unique perspective on securing applications across the entire technology stack.
Comprehensive offensive and defensive security solutions for modern businesses.
Simulated real-world attacks on your web applications, APIs, and infrastructure to uncover vulnerabilities before attackers do.
Automated and manual scanning to identify security weaknesses across your applications, cloud infrastructure, and source code.
Architecture review, remediation guidance, and priority roadmaps to strengthen your security posture and meet compliance goals.
Building applications with security baked in from day one: secure coding practices, DevSecOps, and container hardening.
Real-world security assessments with sanitized details to protect client confidentiality.
Full-stack web application penetration test on a luxury product marketplace
Extracted hardcoded API key from client-side JavaScript. Dumped full database schema (28 tables) and exfiltrated product, store, and internal data directly via PostgREST API, bypassing the application entirely. CVSS 9.1.
Order tracking endpoint required no authentication. Sequential order numbers allowed enumeration of all customer orders and sensitive delivery information.
Authentication synchronization endpoint accepted role parameters from client requests, enabling potential escalation from customer to admin privileges.
Django admin panel, Swagger docs, and API schema publicly accessible. robots.txt disclosed 12+ sensitive internal paths.
CSP implemented via meta tag instead of HTTP header. Missing critical directives and unsafe-inline allowing potential XSS exploitation.
Gray box penetration test on a student management system handling sensitive academic data
Login endpoint directly concatenated user input into SQL query. Confirmed via syntax error triggering and comment injection. Enables full authentication bypass and database extraction.
Two-factor authentication OTP sent to email address from client request body instead of server session. Attacker can redirect OTP to their own email for full account takeover.
Session upgraded to "fully authenticated" immediately after first-factor login. Any arbitrary code accepted. Direct URL navigation bypasses 2FA entirely: zero security value.
Password reset OTP can be redirected to attacker-controlled email by modifying the request body. Total account takeover of any user.
Password reset functionality downgrades to plaintext HTTP. Credentials transmitted in cleartext, enabling network-based interception.
Appending ?role=admin to API requests returns admin-level data. URL params override session data, exposing administrative functionality to low-privilege users.
After a previous security incident, all user passwords remained unchanged for 3+ months. Any stolen credentials from the prior attack remain valid.
End-to-end secure web development and digital strategy for an industrial chemical business
Designed the full e-commerce platform with HTTPS enforcement, auto-SSL via Vercel, secure authentication, and input validation from day one.
Comprehensive competitor analysis, SEO strategy, and WhatsApp automation integration tailored for the Pakistani market.
Post-launch documentation covering SSL management, DNS optimization, backup procedures, and ongoing security monitoring.
Independent security research on an AI note-taking platform
Discovered that the platform's avatar upload accepted SVG files without sanitizing their contents. SVG files can embed JavaScript and HTML, enabling potential Stored XSS. While the impact was limited in this case (avatars weren't publicly displayed to other users), the lack of server-side validation represented a significant security gap. The vulnerability was subsequently patched by the vendor.
A structured, methodology-driven approach to uncovering and remediating security vulnerabilities.
Passive and active recon to map the attack surface: technology fingerprinting, subdomain enumeration, API endpoint discovery, and client-side source code analysis.
Combining automated scanning (Burp Suite, ZAP, ffuf) with manual testing against OWASP WSTG and Top 10 to identify security weaknesses across the entire application stack.
Safe, controlled exploitation with clear evidence capture: screenshots, HTTP requests/responses, and reproducible steps. No destructive actions.
Application-specific tests targeting payment flows, privilege escalation, authentication bypass, and workflow manipulation that automated tools miss.
Detailed report with executive summary, technical findings (CVSS scored), step-by-step reproduction, and prioritized remediation recommendations.
Post-remediation validation to confirm fixes are effective. Building a long-term partnership for ongoing security assurance.
While exploring NoteGPT, an AI-powered note-taking platform, I decided to test their file upload functionality. When I tried uploading an SVG file as my avatar, I noticed something interesting: the platform accepted it without any sanitization.
SVG files aren't just images: they can contain embedded JavaScript. This means a crafted SVG could execute arbitrary code in users' browsers. While the impact was limited here since avatars weren't publicly visible to other users, the lack of server-side validation was a real security gap.
The vulnerability was eventually fixed. It taught me that sometimes the most interesting vulnerabilities hide in the most mundane features, like a profile picture upload.
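A server-side check of the kind the avatar upload was missing, as an added example (not NoteGPT's code or the author's): it parses the upload and rejects anything outside a small set of static drawing elements, along with event-handler attributes and non-local links. The element allowlist, the function name `svg_upload_problems` and the sample uploads are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Conservative allowlist for static avatars (an assumption, not the vendor's list).
ALLOWED_TAGS = {
    "svg", "g", "defs", "title", "desc", "path", "rect", "circle", "ellipse",
    "line", "polyline", "polygon", "linearGradient", "radialGradient", "stop",
}
# Markup that is refused before parsing: DTDs, entities, stylesheet instructions.
FORBIDDEN_MARKERS = (b"<!doctype", b"<!entity", b"<?xml-stylesheet")


def svg_upload_problems(data: bytes) -> list[str]:
    """Return reasons to reject an uploaded SVG; an empty list means accept."""
    try:
        data.decode("utf-8")  # UTF-8 only, so byte checks see what the parser sees
    except UnicodeDecodeError:
        return ["not UTF-8"]
    lowered = data.lower()
    if b"\x00" in data or any(m in lowered for m in FORBIDDEN_MARKERS):
        return ["DTD, entity or stylesheet markup is not allowed"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != f"{{{SVG_NS}}}svg":
        problems.append("root is not <svg> in the SVG namespace")
    for elem in root.iter():
        ns, _, name = elem.tag.rpartition("}")
        if ns[1:] != SVG_NS or name not in ALLOWED_TAGS:
            problems.append(f"element not allowed: {name}")
        for key, value in elem.attrib.items():
            attr = key.rpartition("}")[2].lower()
            compact = "".join(value.split()).lower()
            if attr.startswith("on"):
                problems.append(f"event handler attribute: {attr}")
            elif attr == "href" and not compact.startswith("#"):
                problems.append(f"non-local href on <{name}>")
            elif "javascript:" in compact:
                problems.append(f"script URL in attribute: {attr}")
    return problems


# Constructed sample uploads for illustration.
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4" fill="teal"/></svg>'
SCRIPTED = b'<svg xmlns="http://www.w3.org/2000/svg"><script>init()</script></svg>'
HANDLER = b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()"><g/></svg>'

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("script", SCRIPTED), ("handler", HANDLER)):
        print(label, svg_upload_problems(blob) or "accepted")
```

Validation at upload is one layer; serving user uploads from a separate origin, or rasterising avatars to PNG, removes the script context altogether.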
At the STEMX Winter School, I designed and delivered a 5-day intensive cybersecurity curriculum for students from grades 8 to 12. I taught them about real-world vulnerabilities (SQL Injection, Cross-Site Scripting, CSRF) through hands-on labs where they could see attacks working in safe, controlled environments.
The most rewarding part? Watching them grow over those 5 days. Students who walked in knowing nothing about security left with the skills to safeguard themselves online. That transformation, from curiosity to capability, is why I believe security education should start early.
"Hacking isn't about breaking rules; it's about thinking critically and understanding how systems work so you can protect them."