Building Secure Systems — Breaking Them Too
Govind Pratap Singh | Security Engineer & Python/FastAPI Developer
🔒 Web/API/Mobile Security | 🐍 Python/FastAPI Backend | 🚀 DevSecOps
About Me
My Philosophy
"I'm a Cybersecurity Professional and Python/FastAPI Backend Developer with a unique blend of offensive security expertise and backend engineering skills. I don't just find vulnerabilities — I build secure backend systems from the ground up. Recognized in NASA's VDP Hall of Fame and author of CVE-2025-61246 (CVSS 9.8), I bring real-world security experience to every project." "Beyond offensive security, I possess strong foundational knowledge in Security Operations (SOC) — including SIEM monitoring, log analysis, incident response, and threat hunting — gained through 50+ hands-on labs on TryHackMe and the Google Cybersecurity Professional Certificate curriculum."
"I believe security is not a feature — it's a mindset. Every line of backend code I write is secured by default, and every vulnerability I find teaches me how to write better code."
Security Engineer
- Web/API/Mobile Pentesting
- Vulnerability Assessment
- OWASP Top 10 | Threat Modeling
- Burp Suite | Nmap | Metasploit
Backend Developer
- Python | FastAPI | Django
- REST APIs | WebSockets
- PostgreSQL | Redis | MongoDB
- Docker | Kubernetes | CI/CD
DevSecOps
- Secure CI/CD Pipelines
- Security Automation
- Container Security
- Infrastructure as Code
Expertise
Technical Skills
Cybersecurity & SOC
Penetration Testing
Vulnerability Assessment
Security Operations (SOC)
Reconnaissance & Tools
Backend Development
Python Ecosystem
APIs & Real-Time
Databases & Caching
DevOps & Cloud
Portfolio
Featured Projects
Category: Cybersecurity
AutoRecon
Automated reconnaissance framework integrating Amass, Subfinder, Nmap, Nikto, ffuf, and Waybackurls for attack surface mapping and vulnerability correlation.
Category: Python + FastAPI (Backend Projects)
Secure REST API with FastAPI
Production-ready REST API with FastAPI, JWT authentication, role-based access control, PostgreSQL via SQLAlchemy, Redis caching, and Docker containerization. Fully async with Pydantic v2 validation.
Vulnerability Tracker API (Django REST)
Comprehensive Django REST Framework API for tracking CVEs and vulnerabilities. Includes CVSS scoring, Celery async notifications, bulk NVD JSON imports, and custom status workflows.
Real-Time Threat Feed (FastAPI + WebSockets)
Live threat intelligence feed using FastAPI WebSockets and Redis pub/sub. Streams newly published CVEs to connected dashboards in real-time. Deployed via Docker + Kubernetes.
DevSecOps CI/CD Pipeline
Automated security-integrated CI/CD pipeline using GitHub Actions and Jenkins. Includes SAST, dependency scanning, Docker image scanning, and cloud deployment to AWS/GCP.
Journey
Achievements & Certifications
NASA VDP Hall of Fame
View DisclosureInducted for responsible disclosure of security vulnerabilities impacting NASA's public-facing infrastructure. Recognized by Bugcrowd.
CVE-2025-61246 Author
View CVEDiscovered and published a Critical SQL Injection vulnerability (CVSS 9.8). Provided a full PoC exploit, remediation guidance, and a Docker-based vulnerable lab environment.
Certifications
- eJPT v2 (INE Security Junior Penetration Tester) — 2025
- Google Cybersecurity Professional Certificate — 2025
→ Covered: SIEM tools (Splunk, Chronicle), network security, incident response, Linux, Python automation, NIST, and MITRE ATT&CK.
- Certified Red Team Analyst (CRTA) — 2025
- ICCA (INE Security Certified Cybersecurity Analyst)
Quick Stats
- TryHackMe Top 9% Global Rank (50+ Labs in SOC, CTI, Pentesting, Blue Team)
- 15+ Vulnerabilities found during Internship
- 500+ Daily Active Users on CVE Radar
- 15+ Technical articles (4000+ total reads)
Writing
Technical Articles
Cybersecurity (Medium)
- 1. How I Found My First CVE: SQL Injection Deep Dive
- 2. NASA VDP Hall of Fame — My Responsible Disclosure Journey
- 3. OWASP Top 10: Practical Exploitation Guide for Beginners
- 4. Red Team 101: Complete Reconnaissance Methodology
- 5. XSS to RCE: Chaining Vulnerabilities for Maximum Impact
- 6. SOC 101: SIEM Log Analysis for Beginners
- 7. Incident Response Lifecycle: From Detection to Recovery
Python & FastAPI (Backend Focus)
- 1. FastAPI Deep Dive: Building Async REST APIs with Python
- 2. Django REST Framework: Complete Security Guide
- 3. Secure Coding in Python: OWASP Top 10 for Developers
- 4. DevSecOps: Integrating Security in CI/CD Pipelines
- 5. WebSockets with FastAPI: Real-Time APIs Guide
- 6. Docker + Kubernetes: Deploying Python Apps at Scale
- 7. Redis + Celery: Async Task Queues in Python
"Govind's security findings helped us prevent a major data breach. His reports are detailed, actionable, and developer-friendly."
— Ceeras IT Services
"One of the most dedicated security researchers I've worked with. His approach to vulnerability discovery is methodical and thorough."
— Bugcrowd Community
"Govind's dual expertise in security and software development is rare. He doesn't just report vulnerabilities — he provides production-ready fixes."
— Open Source Contributor
Get In Touch
Open for pentesting, security engineering, and Python/FastAPI developer roles.
Contact Information
govindsinghpratap123@gmail.com
+91 6396448562
Bareilly, Uttar Pradesh, India
Currently Open For:
- ✓ Penetration Testing Engagements
- ✓ Security Engineering Roles
- ✓ Python/FastAPI Backend Developer Positions
- ✓ DevSecOps Opportunities
- ✓ Freelance Security Consulting
- ✓ Open Source Collaboration