Past Projects
Web Application VAPT
Performed a comprehensive security assessment, identifying critical vulnerabilities and providing mitigation strategies. Ensured the application adhered to security best practices.
Client Review:”Aaryan delivered an in-depth security analysis with detailed findings and remediation steps. Highly professional and thorough!”
Custown.fr
Conducted VAPT for Custown.fr, identifying improper access control and privilege escalation vulnerabilities in their WordPress-based web application. Implemented security measures to prevent unauthorized administrative access.
Client Review:
“Aaryan’s work was of the highest quality. He exceeded expectations by going above and beyond. His initiatives contributed greatly to the project. Highly recommend him for his professionalism.”
Securithings
A leader in IoT security, helping organizations manage and protect thousands of smart devices. Conducted VAPT for Securithings, securing IoT networks, API endpoints, and device authentication to prevent cyber-physical threats.
Client Review:
“Aaryan made great and solid work doing a penetration test for us. He provided nice results and delivered on time. Happy to recommend him to anyone looking for a highly skilled penetration tester.”
Risk Analyzer for Jira
A risk management tool trusted by enterprise teams to monitor and mitigate project risks. Conducted VAPT for Risk Analyzer for Jira Pro, strengthening data privacy, authentication mechanisms, and API security to ensure compliance with security best practices.
Client Review:
“Aaryan’s security expertise ensured a thorough analysis of our application, identifying key vulnerabilities and strengthening our defenses. Highly recommended for his structured and professional approach.”
MobiFacil
One of Brazil’s largest bus booking platforms with over 2 million monthly active users. Conducted VAPT for MobiFacil, covering their web, Android, and iOS applications to identify and mitigate security vulnerabilities. Strengthened payment security, authentication mechanisms, and API protection to safeguard transactions.
wizardingpalace
WizardingPalace is a large-scale browser-based fantasy RPG with thousands of active users engaging in quests, magical education, and competitive gameplay. I was hired to perform a full-stack security assessment of the platform, including web application penetration testing and external infrastructure scanning. The engagement involved identifying real-world vulnerabilities in player authentication, session handling, and in-game logic, and delivering a detailed CVSS-scored report with actionable remediation—ensuring the platform remains secure for its growing user base.
Marathon Customer Portal
A digital gateway for Marathon Group customers to manage payments, view updates, seek support, and refer friends—all via web (and mobile via app links). Performed VAPT on the web-based customer portal, securing authentication flows, session management, payment interfaces, and data protection to ensure safe and smooth user interactions
Client Review:
“Aaryan was highly professional in conducting the web application VAPT for our customer portal. He identified critical issues, provided clear proof-of-concepts, and delivered a detailed report with actionable recommendations. Communication was smooth, and the work was completed on time with great attention to detail. We are very satisfied with his contribution and would gladly work with him again.”
Past Projects
FrogBar
A blockchain-powered cryptocurrency platform built on the Solana network. Conducted VAPT for FrogBar, identifying smart contract vulnerabilities, wallet security risks, and transaction integrity flaws to fortify the platform’s blockchain security.
Client Review:
“Aaryan exceeded all expectations. His expertise, thoroughness, and detailed reports significantly enhanced our security. Highly recommend him for top-notch penetration testing!”
Credit-DIY
An AI-powered credit repair platform helping users improve their credit scores. Conducted VAPT for CreditDIY, enhancing user data protection, AI system security, and platform integrity to safeguard financial information.
Client Review:
“I enjoyed working with Aaryan and was thoroughly impressed with his professionalism and dedication. He delivered high-quality work, met all deadlines, and exceeded our expectations.”
Crowdlink
A leading equity crowdfunding platform in Mexico, connecting investors with high-growth startups. Performed VAPT for Crowdlink.mx, securing financial transactions, authentication systems, and API communications to protect investors and businesses from cyber threats.
Client Review:
“Aaryan made an awesome work on the platform that was tested. I highly recommend him for his ability to not only determine criticality based on the technicalities of a platform but also on a risk-based approach.”
HireWand
An AI-driven recruitment automation platform trusted by 5,000+ recruiters managing over 20 million resumes. Performed VAPT for HireWand, securing their AWS infrastructure, EC2 instances, and web application to mitigate data privacy risks and cloud misconfigurations.
Client Review:
“Aaryan conducted a thorough security assessment of our cloud infrastructure and web application. His detailed findings and recommendations helped us significantly improve our security posture. Highly professional and efficient!”
SOLBOX
Conducted VAPT for SolBox, a decentralized gift economy platform operating on Solana. The assessment focused on their web application and transaction model, uncovering key risks such as insecure API endpoints and insufficient input validation within the smart contract interaction layers. Recommended and assisted in the implementation of key security measures to ensure safer DeFi reward mechanisms for users.
Client Review:
“Aaryan’s security audit was eye-opening and precise. He not only found real issues but provided actionable, developer-friendly fixes. Great communication throughout and a genuinely collaborative approach. Definitely coming back for the next phase.”
JustIN
A digital platform offering innovative solutions across web and mobile. Performed VAPT for Infolabo, covering its web application, Android and iOS apps, and APIs to identify and remediate security vulnerabilities, strengthening overall platform security.
Client Review:
“Someone who wants to go the extra mile and give you a good impression. Kind and helpful.”
Mobiuse
A comprehensive solution by a leading Brazilian mobility group for managing and optimizing corporate shuttle services—including real-time trip tracking, QR code–based check-in, route planning, occupancy insights, and a web portal for administration and analytics mobiuse.com.br . I conducted full-stack VAPT covering the web platform, Android, and iOS apps, strengthening authentication, data transmission, session control, and mobile-specific attack vectors.
Client Review:
“Aaryan delivered exceptional VAPT services for our platform—meticulously analyzing our web portal and mobile apps. He uncovered critical vulnerabilities, furnished crystal-clear proof-of-concepts, and provided actionable recommendations. His proactive communication and on-time delivery stood out. We’re thoroughly impressed and happy to have partnered with him.”
Footbao
A fast-growing soccer news and analytics platform delivering real-time updates to thousands of users. Performed VAPT for Footbao, securing its web application, authentication mechanisms, and API communications, ensuring data integrity and platform security.
Client Review:
“The work was completed perfectly and exactly as we agreed! He was quick and carried out all the contracted points on time, often showing great proactivity.”
B4E
Performed VAPT for the Super Admin Portal, identifying vulnerabilities in rate limiting, text injection, and API security. Strengthened security controls and enforced best practices to prevent unauthorized access.
Client Review:
“Aaryan kept me updated throughout the project and provided a detailed report. Highly recommend him for any security testing needs!”
Spreadautomator
An AI-based financial analytics platform used by institutional investors. Performed VAPT for SpreadAutomator, focusing on financial data security, API integrity, and access control mechanisms to prevent unauthorized transactions and data breaches.
Client Review:
“Aaryan’s security expertise helped us uncover and fix major vulnerabilities, ensuring a more secure platform. Highly professional and efficient in delivering results.”
BPN (Backlog Prioritization for Jira)
Performed VAPT for the BPN application, identifying data exposure, clickjacking risks, and improper token transmission. Strengthened security by enforcing secure API communication, Content Security Policy (CSP), and access controls.
Client Review:
“Exceptional work done by him. We highly recommend him to anyone seeking reliable and outstanding results.”
KIS 2.0
A widely used mobile platform offering seamless services to its growing user base. Conducted VAPT for KIS 2.0, focusing on Android and iOS applications to strengthen authentication security, API protection, and data encryption against cyber threats.
Client Review:
“Aaryan’s expertise in mobile and web security testing helped us identify and fix critical vulnerabilities in KIS 2.0. His detailed insights and professional approach made a significant impact on our security.”
unxplrd
Performed a full security assessment to meet Amazon’s Selling Partner API (SP-API) compliance requirements. This included: Web application penetration testing focusing on authentication, authorization, and session management vulnerabilities External network vulnerability assessment using Nessus to validate firewall configuration, port exposure, and CVE risk Delivered a detailed report with CVSS-based scoring, vulnerability breakdowns, and remediation guidance tailored for SP-API audit submission
Client Review:
“We hired Aaryan Saharan to perform both a web application security test and an external network vulnerability assessment as required by Amazon SP-API. The tests were professionally executed, and the final report confirmed there were no critical or high-risk issues. The documentation is detailed, clear, and fully aligned with Amazon’s security compliance standards.”
JustIN
A digital platform offering innovative solutions across web and mobile. Performed VAPT for Infolabo, covering its web application, Android and iOS apps, and APIs to identify and remediate security vulnerabilities, strengthening overall platform security.
Client Review:
“Aaryan did an excellent job performing VAPT on our Flutter app for both Android and iOS platforms. He was thorough, professional, and delivered detailed findings along with clear recommendations for improvement. Communication was smooth throughout the project, and he met all deadlines as promised. Highly recommended for any mobile app security testing work!”
