Chand Chauhan joined Continent 8 Technologies in January of this year as a VAPT Engineer, responsible for identifying and analyzing security flaws across systems and software. Based in Montreal, he is a highly experienced Network, Web, and API Penetration Testing specialist. He’ll be putting this vast knowledge to good use, working with the C8 Secure team and its growing customer base.

Tell us about your role and experience.

I’ve been deeply involved in bug bounties (where individuals report bugs and vulnerabilities in websites and organizations for a financial reward) since 2016, where I’ve achieved numerous milestones. I’ve found vulnerabilities in major companies like Google, PayPal, Yandex, ProtonMail, and many more. I would say that over time, I’ve discovered more than 700 vulnerabilities, although I stopped counting after a while!

To put this into context, in 2022 the National Vulnerability Database (US Department of Homeland Security) had 206,059 entries.

What inspired you to pursue a career in Vulnerability Assessment and Penetration Testing?

I’ve developed a habit of looking at things from a security perspective first, considering the negatives before the positives. This mindset fuels my curiosity to explore matters further and try to exploit vulnerabilities.

I became interested in finding vulnerabilities because I always questioned whether I could bypass them or manipulate things on behalf of others. This curiosity ultimately drove me to pursue a career in the Penetration Testing field.

I thrive on the excitement of uncovering weaknesses in software systems, knowing that my efforts contribute to making digital spaces safer. It’s truly gratifying to see how my work helps enhance security measures across various applications.

What are the most common cybersecurity vulnerabilities you encounter in your assessments?

In my assessments, I frequently come across vulnerabilities such as Cross-site Scripting (XSS), Insecure Direct Object Reference (IDOR), and SQL Injection (SQLi). However, lately, Privilege Escalation and Business Logic issues have become more prevalent, demanding a deeper understanding and innovative approaches to mitigation.

I’ve also uncovered account takeover vulnerabilities numerous times in cryptocurrency exchanges. Additionally, I’ve found vulnerabilities where domain names belonging to other users were transferred or can be hijacked multiple times. These findings have been some of the most interesting and rewarding aspects of my career in bug bounty hunting.

How do you stay updated with the latest cybersecurity threats and trends?

I rely heavily on platforms like Twitter (X) to stay up to date with the latest cybersecurity threats and trends. Engaging with the vibrant community of security researchers allows me to exchange insights, learn about new vulnerabilities, and stay ahead of emerging threats. Additionally, I actively participate in forums, webinars, and conferences to broaden my knowledge and skills in the ever-evolving field of cybersecurity.

What are the biggest challenges you face in your role as a VAPT specialist, and how do you overcome them?

As a VAPT specialist, one of the biggest challenges is staying ahead of constantly evolving attack techniques and technologies. To overcome this, I prioritize continuous learning and experimentation. I also collaborate with peers, engage in knowledge-sharing sessions, and invest time in research and development. By staying agile and adaptive, I ensure that my skills and techniques remain effective in addressing the diverse cybersecurity challenges encountered in my role.

In fact, this was a key factor in taking the role at Continent 8, being able to collaborate with a team of likeminded individuals, passionate about the cybersecurity landscape and protecting organizations from the ever-evolving threat landscape.

Learn more about our VAPT solution here.