About Me

Fri, 13 Feb 2026 00:00:00 +0000

Hello, I’m Siddharth! 👋

I’m a security engineer who spends most of my time looking for bugs in software. My job is essentially being professionally paranoid—someone has to worry about the edge cases nobody thought about at 3 AM during a deployment.

What I Work On

🔐 Cryptography

I spend a lot of time working with cryptography, trying to understand encryption protocols and their implementations. You might say I’m somewhat crypto-invested in learning how cryptographic systems work (and how they sometimes don’t). I’m still learning about cipher implementations and key management systems, which turns out to be way more complicated than “just encrypt it.”

🎯 Cross-Site Scripting (XSS)

My favorite area to explore is Cross-Site Scripting (XSS) vulnerabilities. There’s something oddly satisfying about finding that one input field that nobody remembered to sanitize. I’m still figuring out all the variants—reflected, stored, DOM-based—and honestly, browser behavior keeps surprising me. Every time I think I understand how XSS works, I find a new filter bypass that makes me question everything again.

🐛 Bug Hunting

I participate in bug bounty programs and try to contribute to the security community when I can. Still learning something new every day, usually the hard way. Each vulnerability found is a lesson learned and a system made more secure.

My Approach

I try to find security vulnerabilities before they become problems. Most of my work involves testing things until they break, then documenting exactly how they broke so someone can fix it. It’s less glamorous than it sounds—lots of reading documentation, testing edge cases, and occasionally realizing I’ve been chasing a false positive for three hours.

Philosophy

I believe in:

Security Through Understanding - You can’t protect what you don’t understand
Ethical Disclosure - Responsible vulnerability reporting benefits everyone
Continuous Learning - Attack techniques evolve, so must we
Breaking to Build - Finding weaknesses makes systems stronger

Let’s Connect

I’m always open to discussing security research, collaboration opportunities, or connecting with fellow security enthusiasts.

GitHub: github.com/siddharthsyal
LinkedIn: linkedin.com/in/siddharthsyal
Email: Drop me a message through the contact links

“The difference between a hacker and a security researcher is mostly just proper authorization and significantly better documentation.”

Bug Bounty

Fri, 13 Feb 2026 00:00:00 +0000

Bug Bounty Write-ups

Welcome to my bug bounty collection! Here you’ll find detailed write-ups of security vulnerabilities I’ve discovered, analysis of interesting security issues, and insights from my security research journey.

What You’ll Find Here

🔍 Vulnerability Discoveries - Detailed analysis of security flaws
💰 Bug Bounty Reports - Write-ups from various bug bounty programs
🛡️ Security Insights - Lessons learned and security best practices
🔧 Tools & Techniques - Security testing methodologies and tools

Recent Bug Bounty Posts

Browse all bug bounty related posts below, organized by most recent.

All vulnerabilities disclosed here have been responsibly reported and fixed by the respective vendors.

Search

Fri, 13 Feb 2026 00:00:00 +0000

Siddharth Syal

About Me

Hello, I’m Siddharth! 👋

What I Work On

🔐 Cryptography

🎯 Cross-Site Scripting (XSS)

🐛 Bug Hunting

My Approach

Philosophy

Let’s Connect

Bug Bounty

Bug Bounty Write-ups

What You’ll Find Here

Recent Bug Bounty Posts

Search