/[ Ishtiyaaq Rajah ]

user@system:~$

Experienced **Full-Stack Developer** focused on building **high-performance, resilient applications**, combined with certified expertise as an **Ethical Hacker** proficient in proactive vulnerability assessment and secure coding practices.


Skills // Stack & Toolkit

Development Stack

Building robust and scalable architectures.

  • React / Next.js
  • Node.js / Express
  • Python / Django
  • TypeScript
  • PostgreSQL / MongoDB
  • AWS / Docker / Kubernetes

Security Toolkit

Identifying and mitigating application vulnerabilities.

  • Burp Suite Pro
  • Nmap / Wireshark
  • Kali Linux
  • Metasploit
  • OWASP ZAP
  • Static Code Analysis (SAST)

Projects // Secure & Scalable

Decentralized Auth Service

A high-availability authentication microservice.

  • **Tech:** GoLang, Redis, JWT.
  • **Performance:** Achieved <10ms response time for token validation.
  • **Security Focus:** Implemented rate-limiting, comprehensive input validation, and used HMAC signing for JWTs stored in memory.
  • **Vulnerability Test:** Conducted fuzz testing and load testing to ensure resilience against DoS/DDoS.

Security Audit Summary

**Passed:** Broken Authentication, Injection Flaws.
**Mitigated:** Minor XSS risk in client-side logs.

Code Repository (Private/Simulated) →

Real-Time Inventory Dashboard

A React/Redux dashboard processing thousands of product updates per minute.

  • **Tech:** React, Redux Toolkit, WebSockets, Python Flask API.
  • **Performance:** Optimized rendering using virtualization; deployed in a serverless environment (Lambda).
  • **Security Focus:** Enforced least privilege access control (RBAC) on the backend API endpoints. Strict use of React's built-in XSS prevention.
  • **Vulnerability Test:** Checked for Insecure Direct Object Reference (IDOR) across all data fetching routes.

Security Audit Summary

**Passed:** IDOR, Mass Assignment.
**Mitigated:** Configured stricter CORS policies post-deployment.

Code Repository (Private/Simulated) →

Security // Certifications & Methodology

Certifications

  • [+] **OSCP** (Offensive Security Certified Professional)
  • [+] **CEH** (Certified Ethical Hacker)
  • [+] **CompTIA Security+**
  • [+] AWS Certified Security - Specialty (Optional)

Vulnerability Focus

A deep understanding of the OWASP Top 10:

  • **A01: Broken Access Control** (RBAC Implementation)
  • **A03: Injection** (Parameterized Queries, Input Sanitization)
  • **A05: Security Misconfiguration** (Cloud Hardening, CORS, Headers)
  • **A07: Identification and Authentication Failures** (Strong Password/MFA)

SDLC Integration

Integrating security into the development lifecycle:

  • **Secure Design:** Threat Modeling during planning.
  • **Code Review:** Peer review focusing on vulnerability patterns.
  • **Automated Testing:** CI/CD integration of SAST/DAST tools.
  • **Compliance:** Experience with GDPR/CCPA and data handling best practices.