Atharv Pandit

d4kshn

Security engineer and researcher focused on offensive security, vulnerability research, and building tooling that makes the web safer.


01

About Me

I'm a security researcher and engineer who spends most of my time breaking, fixing, and writing about systems. I work across web app security, cloud, and low-level vulnerability research, and publish CVEs, blog posts, and tooling when I find something worth sharing.

  • Offensive Security
  • Vulnerability Research
  • Cloud Security
  • CTF Player

02

Experience

Security Engineer

Nenosystems Consulting Services · Indore, India

Jun 2022 - Jul 2024

Served as security reviewer for the org’s ERP and SSO product, performing pre-merge code review on Python and PHP applications and threat modeling on auth, RBAC, MFA and session flows, and caught IDOR, broken access control and auth bypass issues before production deployment.

Led recurring web app pentests against the company’s critical web applications and APIs (OWASP Top 10 and OWASP ASVS) and wired SAST, DAST and SCA into CI/CD pipelines with build-breaking gates, which cut critical/high findings reaching production by 70%.

Shipped reusable AppSec guardrails like hardened auth libraries, IaC policy-as-code and IAM/network baselines aligned to ISO 27001 and CIS frameworks, which effectively closed 10 audit gaps across the products’ hybrid on-prem and AWS footprint.

SWE Intern

Nenosystems Consulting Services · Indore, India

Jan 2022 - May 2022

Built Python and Flask REST APIs for the company’s multi-tenant SSO product, shipping user, role and permission management endpoints alongside session handling and activity logging.

03

Education

Master of Engineering in Cybersecurity

University of Maryland, College Park · College Park, Maryland

2024 - 2026

Specialized in cybersecurity and systems. Active member of the CTF team and cyber club.

  • GPA: 4.0 / 4
  • Member of the university CTF team

Bachelor of Technology in Computer Science

Acropolis Group of Institutions · Indore, India

2018 - 2022

  • GPA: 7.54 / 10
  • Published undergrad thesis on web authentication flaws

04

CVEs & Publications

Disclosed vulnerabilities and selected writing.

CVEs

CVE-2024-XXXXX · Critical

Authentication bypass in Example Product

Example Product v1.2.x · 2024

Improper validation of session tokens allowed unauthenticated attackers to impersonate arbitrary users.

CVE-2023-XXXXX · High

Stored XSS in Another Product

Another Product v3.x · 2023

User-supplied markdown was rendered without sufficient sanitization, leading to stored cross-site scripting against admin users.


Publications

Medium · 2024

Sample blog post on a vulnerability class

A deep dive into a class of authentication bypasses I've been seeing across modern SaaS apps.

Conference Name 2023 · 2023

Conference talk: Title goes here

Presented research on novel exploitation primitives in cloud-native deployments.


05

Certifications

Certified in Cybersecurity

ISC2

March 2025


Security+ SY0-701

CompTIA

February 2025
