Muhammad Khizer Javed

OSCP+ | OSCP | Breaking Apps to Build Better Security | Hacker | BlackHat Speaker | Security Analyst

Lahore, Punjab, Pakistan

About

I’m an OSCP+ certified Security Analyst, Penetration Tester, and Security Researcher with more than 10 years of hands-on experience in offensive security, bug bounty hunting, and vulnerability research. My work spans web applications, APIs, mobile applications, cloud environments, and internal and external infrastructure. I conduct end-to-end security assessments covering scoping, reconnaissance, vulnerability discovery, exploitation, impact validation, technical reporting, remediation guidance, and retesting. Alongside professional penetration testing, I remain actively involved in bug bounty hunting and responsible vulnerability disclosure through platforms including HackerOne and Bugcrowd. My security research has been recognised by more than 500 organisations, including Apple, Microsoft, Meta, the Government of Singapore, and the United States Department of Defense. I’m also passionate about knowledge sharing and contributing to the cybersecurity community. I have delivered security sessions at universities and spoken at local and international cybersecurity conferences, including two appearances at Black Hat Middle East and Africa. My primary areas of focus include: • Web application and API penetration testing • Mobile application security testing • Internal and external infrastructure assessments • Cloud and identity security • Vulnerability research and responsible disclosure • Exploitation and real-world attack-path validation • Technical reporting, remediation guidance, and retesting I’m continuously working to deepen my technical expertise, take on challenging security assessments, and help organisations identify and address meaningful security risks before they are exploited by attackers.

Experience

  • Security Analyst at Telspace Africa
    Jun 2026 - Present · 2 mos

    Performing end-to-end penetration testing and security assessments for Telspace across web applications, APIs, mobile applications, cloud environments, and internal and external infrastructure. Key responsibilities include: • Conducting black-box, grey-box, and authenticated security assessments based on defined scopes and rules of engagement. • Identifying, validating, and safely demonstrating exploitable vulnerabilities and real-world attack paths. • Assessing web applications, APIs, mobile applications, network infrastructure, cloud environments, identity controls, and security configurations. • Performing reconnaissance, vulnerability analysis, exploitation, privilege escalation, lateral movement validation, and post-exploitation activities where authorised. • Producing detailed technical and executive reports containing evidence, business impact, risk ratings, and actionable remediation guidance. • Collaborating with project managers, technical teams, and client stakeholders throughout scoping, testing, remediation, and retesting. • Supporting offensive security research and continuously improving assessment methodologies, tooling, and reporting quality.

  • Senior Consultant at OraSec
    Sep 2025 - Present · 11 mos

  • Bug Bounty Researcher at Bugcrowd Inc
    Aug 2015 - Present · 11 yrs

    Bug Bounty Hunting

  • Bug Bounty Researcher at HackerOne
    Oct 2015 - Present · 10 yrs 10 mos

    Bug Bounty Hunting

  • Security Researcher at intigriti
    Dec 2018 - Present · 7 yrs 8 mos