About Me

Security engineer specializing in vulnerability research and XSS

Hello, I’m Siddharth! 👋

I’m a security engineer who spends most of my time looking for bugs in software. My job is essentially being professionally paranoid—someone has to worry about the edge cases nobody thought about at 3 AM during a deployment.

What I Work On

🔐 Cryptography

I spend a lot of time working with cryptography, trying to understand encryption protocols and their implementations. You might say I’m somewhat crypto-invested in learning how cryptographic systems work (and how they sometimes don’t). I’m still learning about cipher implementations and key management systems, which turns out to be way more complicated than “just encrypt it.”

🎯 Cross-Site Scripting (XSS)

My favorite area to explore is Cross-Site Scripting (XSS) vulnerabilities. There’s something oddly satisfying about finding that one input field that nobody remembered to sanitize. I’m still figuring out all the variants—reflected, stored, DOM-based—and honestly, browser behavior keeps surprising me. Every time I think I understand how XSS works, I find a new filter bypass that makes me question everything again.

🐛 Bug Hunting

I participate in bug bounty programs and try to contribute to the security community when I can. Still learning something new every day, usually the hard way. Each vulnerability found is a lesson learned and a system made more secure.

My Approach

I try to find security vulnerabilities before they become problems. Most of my work involves testing things until they break, then documenting exactly how they broke so someone can fix it. It’s less glamorous than it sounds—lots of reading documentation, testing edge cases, and occasionally realizing I’ve been chasing a false positive for three hours.

Philosophy

I believe in:

  • Security Through Understanding - You can’t protect what you don’t understand
  • Ethical Disclosure - Responsible vulnerability reporting benefits everyone
  • Continuous Learning - Attack techniques evolve, so must we
  • Breaking to Build - Finding weaknesses makes systems stronger

Let’s Connect

I’m always open to discussing security research, collaboration opportunities, or connecting with fellow security enthusiasts.

“The difference between a hacker and a security researcher is mostly just proper authorization and significantly better documentation.”

© 2025 - 2026 Siddharth Syal
Built with Hugo
Theme Stack designed by Jimmy