/bug-bounty

Real-world bug bounty research — API security testing, GraphQL exploitation, authentication bypasses, and business logic flaws.

Luno

FinTech / Crypto Exchange
IN PROGRESS
// scope
Financial APIs, Account APIs, Trading APIs, Address APIs, Market APIs

Bitso

Crypto Exchange
IN PROGRESS
// scope
Reconnaissance, API Security

Under Armour

E-Commerce / Retail
IN PROGRESS
// scope
GraphQL Testing, Authentication, Authorization & IDOR, Business Logic, Injection Vulnerabilities, Client-Side Vulnerabilities

// methodology

All testing follows responsible disclosure practices. Write-ups are sanitized — no active vulnerabilities, credentials, or proprietary information is published. Focus is on methodology and learning.