Hi, I'm Rushikesh


Cybersecurity Enthusiast | Web Vulnerability Tester

I build interactive labs to demonstrate real-world web vulnerabilities like XSS, Clickjacking, and Open Redirects.

About Me

Hi, I'm Rushikesh, a cybersecurity learner focused on understanding how web applications are exploited. I build hands-on, browser-based labs to simulate real-world vulnerabilities such as XSS, insecure authentication, and broken access control. My goal is to develop a strong foundation in web security and think like an attacker while building like a developer.

My focus is on understanding how client-side vulnerabilities occur and how attackers exploit them in real-world applications. This portfolio is a collection of interactive labs designed to simulate common web security flaws and their mitigations.

Skills (Learning)

HTML
Linux
Cybersecurity
Game Development
CSS
JavaScript (Learning)
Git & GitHub
Networking
Python
Burp Suite

🧠 Projects

Vulnerability Demo Web App

Frontend-focused project with real-world UI patterns

Live • Deployed | Intermediate | Frontend

Role: Designed and developed the full frontend, focusing on performance, responsiveness, and interaction design.

Tech Stack:

HTML, CSS, JavaScript
🔗 Live 💻 Code
  • Demonstrates DOM-based XSS vulnerability
  • Includes secure fix using safe DOM handling
  • Side-by-side comparison view
  • Predefined attack payload testing
  • Phishing detection mini feature
  • Built responsive layout using CSS Grid and Flexbox
  • Implemented dark mode toggle using classList
  • Added scroll reveal animations using IntersectionObserver
  • Optimized layout for mobile devices
  • Problem: Needed a clean way to present projects professionally
  • Solution: Built a modular, responsive UI with reusable components

Security Notes

  • Static content reduces attack surface
  • No user input stored or processed
  • External links handled safely
  • Future scope: apply Content Security Policy (CSP)

Focused on performance and clean DOM structure

Client-Side Security Tester

Frontend-focused project with real-world UI patterns

Live • Deployed | Intermediate | Frontend

Role: Designed and developed the full frontend, focusing on performance, responsiveness, and interaction design.

Tech Stack:

HTML, CSS, JavaScript
🔗 Live 💻 Code

How Detection Works

  • XSS: Detects script tags, event handlers, and JavaScript URIs.
  • Phishing: Identifies suspicious keywords and domain patterns.
  • DOM Risk: Flags unsafe JavaScript functions like innerHTML and eval.

  • Built responsive layout using CSS Grid and Flexbox
  • Implemented dark mode toggle using classList
  • Added scroll reveal animations using IntersectionObserver
  • Optimized layout for mobile devices
  • Problem: Needed a clean way to present projects professionally
  • Solution: Built a modular, responsive UI with reusable components

Security Notes

  • Static content reduces attack surface
  • No user input stored or processed
  • External links handled safely
  • Future scope: apply Content Security Policy (CSP)

Focused on performance and clean DOM structure

Bug Bounty Lab + Request Editor

Client-side Web Vulnerability Simulation

Live • Deployed | Intermediate | Security Lab

An interactive lab that simulates real-world client-side vulnerabilities such as Cross-Site Scripting (XSS), Open Redirects, and Clickjacking, along with a mini request editor for input-based security analysis.

Vulnerabilities Covered:

XSS, Open Redirect, Clickjacking, DOM Injection

Tech Stack:

HTML, CSS, JavaScript
🔗 Live 💻 Code
  • Stored XSS (vulnerable vs secure implementation)
  • Open Redirect simulation with validation bypass
  • Clickjacking attack simulation using hidden overlays
  • Request Editor for payload testing and analysis
  • Analyzing DOM-based vulnerabilities
  • Crafting and testing attack payloads
  • Understanding exploitation flow and mitigation techniques

Security Breakdown

  • XSS Impact: Allows execution of arbitrary JavaScript in the victim's browser
  • Open Redirect Risk: Can be used for phishing and user redirection attacks
  • Clickjacking: Tricks users into performing unintended actions
  • Mitigation: Safe DOM handling, URL validation, and UI protection techniques

Currently under development

Authentication Vulnerability Lab

Security-focused lab simulating real-world authentication vulnerabilities

Live • Deployed | Intermediate | Security Lab

Interactive client-side security lab demonstrating authentication and access control flaws, including weak login logic, insecure session storage, and direct page access bypass.

Vulnerabilities Covered:

XSS, Open Redirect, Clickjacking, DOM Injection

Tech Stack:

HTML, CSS, JavaScript
🔗 Live 💻 Code
  • Weak Authentication: Login validation handled entirely on client-side → bypassable via DevTools
  • Session Manipulation: Authentication state stored in localStorage → can be modified manually
  • Broken Access Control: Direct access to protected pages without validation
  • Exploitation: Demonstrated bypass using browser console and URL access
  • Analyzing DOM-based vulnerabilities
  • Crafting and testing attack payloads
  • Understanding exploitation flow and mitigation techniques

Security Notes

  • Client-side authentication is inherently insecure
  • localStorage should not be used for sensitive session control
  • Proper access control must be enforced on the server
  • This project intentionally demonstrates insecure patterns for learning

Currently under development

🧠 Security Mindset

I approach development by actively thinking about how features can be exploited, not just how they function. My focus is on identifying client-side vulnerabilities and understanding how attackers manipulate the DOM and user input.

Contact

Email: Rushikesh8021@gmail.com

My LinkedIn Profile