Aashutosh Devkota — Cyber Security Researcher

Based in Nepal

Aashutosh
Devkota

Cyber Security Researcher · Web Developer
Python Automation Enthusiast

Security Dev Python Educator

▶ Get in Touch View work →

300+

Valid Vulns

Top 25

CISA Hacker List

aashutoshx24@nepal:~

❯ whoami Aashutosh Devkota ❯ cat skills.txt Penetration Testing Bug Bounty Hunting Web Development Python Automation ❯ cat wins.txt 300+ Valid Vulnerabilities CISA Top 25 Hacker 2024 Security Researcher ❯ status ● Open to opportunities

Bug Bounty & Responsible Disclosure

Top Companies I Secured

Vulnerabilities responsibly disclosed to organizations across 4 continents

300+ Organizations · Hall of Fame

Career

Work Experience

Code for Change

Vice Project Lead — Chitwan

Jan 2026 – Present · Full-time

Active

HackerOne

Security Researcher

May 2024 – Present · Freelance · 1 yr 11 mos

Active

Bugcrowd

Security Researcher

Mar 2024 – Present · Freelance · 2 yrs 1 mo

Assisted in identifying 300+ valid vulnerabilities across platforms
Ranked in the Top 25 Hacker List — CISA Annual Report (2024)

Active

Expertise

Core Skills

🔐

Offensive Security

Penetration TestingBug BountyOWASPRecon

🌐

Web Development

HTML/CSSJavaScriptREST APIs

🐍

Python Automation

ScriptingAutomationTooling

🔑

API Security

API TestingAuth FlawsInjection

🐧

Linux & OS

Kali LinuxBashCLI

📝

Vulnerability Reporting

PoC WritingCVEDisclosure

Credentials

Licenses & Certifications

APIsec University

APIsec Certified Practitioner

Issued Jan 2026

Cisco

Ethical Hacker

Issued Feb 2025

TryHackMe

Jr Penetration Testing

Issued Aug 2024

APIsec University

Certified API Security Analyst (CASA)

Issued Jan 2025

Microsoft

Student Ambassadors Security Research Contributor

Issued Dec 2024

Testimonials

What People Say

Aashutosh contacted my company to report a redirection vulnerability. The report was clear, actionable and concise. A Proof of Concept made it simple to replicate the issue and understand the implications.

Martin Chandler

Head of Technology Environments · Warwick Business School

Aashutosh recently discovered and responsibly disclosed a security vulnerability in a third-party service we utilize. Their detailed report made it easy for us to coordinate with the vendor's security team to get the issue fixed.

Colin McCune

Senior Director of Engineering · Sago Mini

Aashutosh responsibly submitted a vulnerability for one of our public-facing systems. They helpfully included information on how to reproduce it and references which helped us triage and remediate quickly.

Ryan Brooks

CTO for hire

Let's Connect

Open to Opportunities

Cybersecurity researcher & developer based in Nepal. Available for bug bounty collaboration, penetration testing engagements, and developer roles.

LinkedIn HackerOne Bugcrowd Email