SURAJ DISOJA
HACKER | SECURITY CONSULTANT | RESEARCHER
I’m a security researcher and penetration tester specializing in application security, secure code review, and real-world attack chains.
I’ve responsibly disclosed critical and high-severity vulnerabilities to 100+ global organizations, including Amazon, PayPal, Stripe, Meta, and Zoom. I’m ranked among the top 1% of security researchers worldwide on HackerOne and Bugcrowd, with a focus on high-impact, business-critical vulnerabilities.
How can I help?
Manual and automated penetration testing for web and API applications to identify critical security issues such as authentication flaws, authorization bypasses, injection vulnerabilities, and business logic bugs.
Each engagement includes detailed findings, proof-of-concept exploits where applicable, and clear remediation recommendations tailored to your technology stack and development workflow.
I help teams improve security through architecture reviews, secure design guidance, and threat modeling.
This includes identifying risks early in the development lifecycle and providing actionable recommendations that balance security and business needs.
I help organizations manage and triage security findings from penetration tests, bug bounty programs, and automated security tools.
This includes validating reported issues, eliminating false positives, prioritizing vulnerabilities based on real risk, and working with engineering teams to ensure effective remediation.
Organizations worked with
and 100+ others