arshad@dev: ~
Hi 104.154.140.216

I'm Arshad,

Developer&Security Researcher

I find security holes before attackers do. Security Researcher and Developer with national-level recognition from CERT-In (Government of India) for responsibly disclosing security vulnerabilities in government systems, and I build high-performance web applications with security engineered from day one — not patched on later.

portrait
Arshad
whoami
1
Nice to meet you! I'm Arshad, a Developer and Cybersecurity Enthusiast.
2
I create full-stack web applications that are easy to use, hard to break, and built to scale beyond the demo stage.
3
I follow the latest trends in frontend technologies and libraries, aiming to design and build more accessible applications.
4
My expertise extends to cybersecurity, where I regularly follow the latest trends and work as a freelance bug hunter. This dedication helps me secure my projects more effectively, as I adhere to OWASP security guidelines.
5
I don't just write code, I analyze how systems behave under pressure. Through personal projects and experimentation with new technologies, I focus on building scalable, secure applications. As a security researcher, I apply an attacker's mindset to identify weaknesses before they become real-world problems.
me-online
GitHubLinkedInLeetCodeBlog
arshad@dev:~$
Featured & Recognized
OnManorama
OnManorama News
@Onmanorama
Kerala techie protects varsity students' data from hackers, enters India's cyber security Hall of Fame
Arshad cybersecurity coverage
Read More
Mathrubhumi
Mathrubhumi News
@Mathrubhumi
ഗുരുതര സുരക്ഷാവീഴ്ച കണ്ടെത്തി; സൈബര്‍ സുരക്ഷാ ഹാള്‍ ഓഫ് ഫെയിമില്‍ ഇടംനേടി അര്‍ഷാദ്
Cybersecurity hacker illustration
Read More

My Cybersecurity Research Reached National Headlines and Secured 200,000+ Student Records

A critical vulnerability on the official website of a major public university in Kerala allowed unauthenticated access to backend systems, exposing personal and academic data of 200,000+ students and alumni, including contact details, government IDs (Aadhaar), photographs, and academic records.

I responsibly disclosed the issue to Indian Computer Emergency Response Team (CERT-In) with a detailed remediation report. CERT-In coordinated with the university, and the vulnerability was successfully fixed, preventing large-scale data misuse.

experience.sh
> experience --list

List of work experience:

ELT Global Pvt Ltd

Aug 2024 - Present

Software Engineer On-Site (Bangalore) / Full-time

  • Contributed across frontend and backend to an EdTech platform operating at 10k+ DAU - two core products: a student-facing LMS and an admin operations portal - building SDUI-driven interfaces where backend controls screen rendering without client redeploys.
  • Built automation tools for both business operations (Google Apps Script, Sheets and Classroom workflows) and dev infrastructure (Docker crash monitor with Slack alerting) - eliminating 3-4 hours/day of repetitive overhead.
  • Established a type-safe OpenAPI Swagger + Codegen pipeline - auto-generating all API schemas and TypeScript types from a single command, reducing frontend-backend integration overhead by ~60%.
  • Implemented security hardening across auth flows, token rotation, RBAC, input validation, and request signing - embedding security practices at the infrastructure layer, not as an afterthought.
  • Improved overall page performance by 35-40% through code-splitting, TanStack Query cache-first patterns, request deduplication, and API batching. Cut a key analytics API payload by ~87% through client-side derivation.

Brototype

2023 - 2024

Full Stack Engineering Intern Calicut / Full-time

  • Built and shipped a freelancer marketplace with real-time collaboration via Socket.IO, Stripe payments, AWS EC2 deployment, and a ranking algorithm for freelancer discovery.
  • Developed a full e-commerce platform with stock management, coupon engine, Razorpay integration, session-based auth, and admin panel - deployed end-to-end.

Projects highlight

Triple i Admin Portal

Built an SDUI-powered admin portal for scheduling, fee policy configuration, file management, and internal operations. Engineered O(1) date-keyed availability lookups, conflict resolution for instructor scheduling, runtime Zod schema switching, React Hook Form derived state, event-bus driven cross-module updates, RBAC-aware file controls, and a Figma-to-code design system validated through Storybook.

Next.jsNestJSPostgreSQLZustandTanStackReact Hook FormZodStorybook

Triple i Learning Platform

Delivered a student-facing learning platform with fully SDUI-driven exams, dynamic objective/descriptive/scenario-based question rendering, backend-controlled layouts and scoring, student analytics with score banding and percentile computation, zoomable comparative charts, HLS live classes, role-based screen control, and SSE schedule notifications.

Next.jsNestJSPostgreSQLHLSSSESDUI

SSH Portfolio

Engineered an SSH-based terminal portfolio using Go with Charm's Wish and Bubbletea libraries, served from a GCP e2-micro VM. The same domain serves a Next.js website over HTTPS and the terminal UI over SSH at the same time through different protocols and ports, containerized with Docker, reverse proxied through Nginx, and deployed through GitHub Actions CI/CD.

GoWishBubbleteaDockerNginxGCPGitHub Actions

archive

All projects

Triple i Admin Portal

Built an SDUI-powered admin portal for scheduling, fee policy configuration, file management, and internal operations. Engineered O(1) date-keyed availability lookups, conflict resolution for instructor scheduling, runtime Zod schema switching, React Hook Form derived state, event-bus driven cross-module updates, RBAC-aware file controls, and a Figma-to-code design system validated through Storybook.

Next.jsNestJSPostgreSQLZustandTanStackReact Hook FormZodStorybook

Triple i Learning Platform

Delivered a student-facing learning platform with fully SDUI-driven exams, dynamic objective/descriptive/scenario-based question rendering, backend-controlled layouts and scoring, student analytics with score banding and percentile computation, zoomable comparative charts, HLS live classes, role-based screen control, and SSE schedule notifications.

Next.jsNestJSPostgreSQLHLSSSESDUI

SSH Portfolio

Engineered an SSH-based terminal portfolio using Go with Charm's Wish and Bubbletea libraries, served from a GCP e2-micro VM. The same domain serves a Next.js website over HTTPS and the terminal UI over SSH at the same time through different protocols and ports, containerized with Docker, reverse proxied through Nginx, and deployed through GitHub Actions CI/CD.

GoWishBubbleteaDockerNginxGCPGitHub Actions

Freelance Marketplace

Developed a freelance platform matching clients with top talent. Implemented a ranking system based on client feedback. Offers real-time chat, video conferencing, and secure payments. Admins manage users and platform activity, ensuring a smooth and trustworthy experience.

Next.jsMongoDBWebRTCStripe

Specsy - E-commerce Application

Built an eyewear e-commerce platform using Node.js, MongoDB, EJS, Bootstrap and MVC Architecture. Implemented secure onboarding with Nodemailer verification, password reset, and session handling. Developed full stack management with category controls and product lifecycle tools. Added advanced search, filters, offers, and coupon management for streamlined merchandising.

Node.jsMongoDBEJSBootstrap

Docker Container Crash Monitor

Built a lightweight Bash-based monitor for Docker container health that watches for silent container exits and sends Slack notifications with the container name, ID, image, exit code, runtime, and host details. Designed for teams that need simple production visibility without constantly checking logs.

BashDockerSlack WebhooksLinux

Indian Stock Backtester

Built a 30-minute Opening Range Breakout backtesting system for Indian NSE stocks using Angel One SmartAPI. Simulates a strict intraday long-only ORB strategy with one trade per stock per day, breakout entries after the first 30 minutes, fixed 1.5R target, OR-low stop loss, and 15:15 IST square-off.

PythonAngel One SmartAPIPandasNSE

Bulk Image Compressor

Created a production-ready Python image compression tool that targets exact output file sizes with minimal visible quality loss. Uses binary search to find the best quality, preserves original dimensions, supports JPEG, PNG, and WebP, handles batch folders, reports compression stats, and gracefully skips corrupted files.

PythonPillowImage Processing

UTF2TTF

Built a static Malayalam Unicode to ASCII/TTF converter for legacy font workflows in tools like DaVinci Resolve, Premiere Pro, Photoshop, and CapCut. Includes instant conversion, one-click copy, and a JSON API endpoint designed to work with Apple Shortcuts for fast conversion from any app.

HTMLJavaScriptStatic APIGitHub Pages

StreamHub

Built a modern live TV streaming directory with 20,000+ channels from 180+ countries, using a sleek Apple TV-inspired interface for browsing and discovering channels across regions.

Next.js 16TypeScriptStreaming UIVercel
skills.sh
>skills --list
Select a category to view skills:
>pnpm list --tech
package.json
NestJS, Express.js, React (Next.js), TanStack Query, TanStack Table, TanStack Form, Zustand, Redux, Zod, Tailwind CSS, Storybook
Skill Badges:
NestJSExpress.jsNext.jsTanStackZustandReduxZodTailwind CSSStorybook
>Type 'help' for more commands

mail

Send a message

SESSION ESTABLISHEDSRC_IP: 104.154.140.216TLS: ACTIVE