I’m an application security researcher and tool developer who treats security as a product feature. I hunt vulnerabilities through bug bounties, run intensive fuzzing campaigns, and build automation to catch flaws earlier in the pipeline. I’m exploring AI-assisted triage and detection to scale secure development across teams. Always open to collaborating on tooling, audits, or POCs.
🔍 Focus: Crushing app vulnerabilities, hunting bugs and automating security testing.
🛠️ Current Project: AuthMutator — Burp Suite extension for experimenting with authentication issues and attack simulations.
🌱 Learning: Game Hacking — exploring memory manipulation, cheat detection, and reverse engineering.
🤝 Collaborating On: Open-source tooling for CI/CD security and automated app-sec workflows.
💡 Fun Fact: I once found a critical bug at 3 AM fueled by coffee and sheer curiosity — caffeine + curiosity = 🔥.
I actively hunt for security flaws and share my findings responsibly. Here are a few notable vulnerabilities I've uncovered:
- CVE-2024-40422 – Path Traversal in DEVIKA-AI.
This vulnerability allowed attackers to access sensitive files on the server, highlighting the importance of strict input validation in AI platforms.
- CVE-2022-54321 – SQL Injection in an E‑Commerce CMS.
A classic SQL injection flaw that could expose customer data. It reinforced my focus on automating detection of injection issues in web applications.
- CVE-2020-35241 – Cross-site Scripting in FlatPress CMS.
This XSS vulnerability demonstrated how even small content management systems can pose significant security risks if input is not properly sanitized.
I love sharing what I learn from my security research and bug bounty adventures. Here’s a glimpse of my recent posts:
- Uncovering Path Traversal in Devika v1: A Deep Dive into CVE-2024-40422
I walk through how I discovered this path traversal vulnerability in Devika v1, the risks it posed, and the steps I took to mitigate it.
Pinned
- AIHTTPAnalyzer (Public)
AIHTTPAnalyzer revolutionizes web application security testing by bringing artificial intelligence capabilities to Burp Suite. This innovative extension harnesses the power of AI to automate vulner…
- AuthMutator (Public)
Auth Mutator is a Burp Suite extension that helps you experiment with mutated authentication requests while keeping the original traffic intact. It applies user-defined replace rules, removes authe…
- vulnerability-research (Public)
Python



