Security Researcher at Sonatype
M.S. in Computer Science, Georgia Tech, Class of 2018
B.S. in Software Engineering, Drexel University, Class of 2016
A security researcher, engineer, and innovative problem solver, Akshay (aka Ax) has a passion for perpetual learning. In his spare time, he loves ethically exploiting vulnerabilities, working out, and educating a wide range of audiences.
Akshay specializes in web application penetration testing. Through responsible disclosure, he has previously exposed serious bugs and security vulnerabilities affecting national and global organizations such as P.F. Chang’s, Planet Fitness, Comcast/Arris, Ellucian and the popular restaurant chain Buca di Beppo.
In early 2018, Akshay helped prevent a massive data breach at Georgia Tech by going public with a serious flaw that had been left unpatched for over a year. He thereby earned a place on Tech’s Vulnerability Reporters “hall of fame” page.
To consult Akshay for your next big security project or pen-testing needs, drop him a note here.
Buca di Beppo - Italian Fine Dining with a Bug
Spaghetti, Meatballs, Marinara and Cross-Site Scripting (XSS)
2018.06.25 / 4min read.
Planet Fitness: a lazy coder’s way of verifying premium access
“Planet Fitness members enjoy discounts and special deals from our partners,” reads their purple-yellow website. And, typically those…
2018.06.22 / 3min read.
Open Redirects & Security Done Right!
Everything is vulnerable, as they say. The trend seems to be getting worse with the ever increasing number of connected “smart” devices.
2018.06.19 / 3min read.
Prevent Domain Takeovers — Audit `Email Alias` policy today!
If you are an IT administrator of a major organization — academic or industrial, chances are you have come across enforcing an email policy…
2018.06.12 / 3min read.
Comcast Arris Touchstone Gateway Devices are vulnerable! Here's the disclosure.
This is a firsthand security vulnerability public disclosure being published for educational and safety purposes only.
2018.05.14 / 6min read.
Why JustFly.com wants you to ‘cancel’ your flight
A shady business model exposed in an investigative report.
2018.05.05 / 7min read.
Twitter Plaintext Password Bug, following GitHub’s
UPDATE: This is a developing story and more information may be added as it becomes available.
2018.05.04 / 2min read.
It’s time to change your GitHub Plaintext Password! (And on all the sites using it)
On a regular Tuesday, while reviewing pull requests and approving them, I realized I got a “404” page upon submitting the comment — hmm…
2018.05.02 / 2min read.
P.F. Chang’s Security Flaw revealed, following Panera Bread’s leak
Disclaimer: This article contains a firsthand vulnerability discovery and is intended for educational and security awareness purposes only…
2018.04.09 / 6min read.
How to ‘steal’ U.S. Citizenship and get away with it
The art of ghosting: How to ‘steal’ identity of someone and their U.S. Citizenship.
2018.03.31 / 7min read.