
MPSTME, NMIMS University · Class of 2027

Prathmesh Badgujar

Computer Engineering Student · Security Researcher · Builder of Production Web Systems

Freelance security research on HackerOne & Bugcrowd; builder of RailCore, Dropflow, and security-oriented APIs.

About

Security research and production engineering

I am a B.Tech Computer Engineering student at MPSTME, NMIMS University (2021–2027), combining responsible security research with production-minded software engineering.

Since 2022, I have worked as an independent security researcher on HackerOne and Bugcrowd, disclosing high-severity issues—including IDORs, business logic flaws, and payment bypasses—to more than thirty organizations worldwide. I write OWASP-aligned reports with clear proof-of-concept steps, impact analysis, and remediation guidance.

Alongside research, I build and ship web systems such as RailCore (a production-grade Indian Railways PNR tracker), Dropflow (original-quality file sharing with Cloudflare R2), and an IP fraud detection API—emphasizing validation, rate limiting, structured logging, and monitoring-ready endpoints.

Skills

Security, backend, frontend, and tooling

Security

  • Web app penetration testing
  • OWASP Top 10
  • Vulnerability reporting (PoC + impact + fix)
  • Recon basics
  • API security testing
  • Secure code review basics

Backend

  • Node.js
  • TypeScript
  • Express
  • REST API design
  • Input validation
  • Rate limiting
  • Error handling

Frontend

  • React
  • Vite
  • PWA (Workbox)
  • Tailwind CSS
  • Responsive UI/UX

Tools & platforms

  • Git/GitHub
  • Postman
  • Burp Suite
  • Linux basics
  • Cloudflare basics

Soft skills

  • Fast learner with adaptive mindset
  • Team collaborator
  • Problem solving
  • Effective communicator

Selected projects

Systems with real users and security-minded design

TypeScript · Express · React · PWA

RailCore PNR Tracker

Production-grade Indian Railways PNR tracking with waitlist prediction, real-time status, trends, coach/seat detail, and export/share/print.

  • Since launch, RailCore has tracked 5,000+ PNRs—demonstrating real-world adoption and practical product impact.
  • Secure API design: validation, rate limiting, structured logging, optional request signing; monitoring-ready endpoints.

Web app · File transfer · Cloudflare R2

Dropflow

File sharing without compression—upload any file and share via link for original-quality downloads, powered by Cloudflare R2.

  • Includes device-to-device Send/Receive via code and Paste (pastebin-style) with optional expiry and privacy controls.

Node.js · Express · TypeScript · REST API

IP Fraud Detection API

REST API that assesses IP risk and fraud signals and returns a structured risk response for downstream apps and security workflows.

  • Implemented input validation, rate limiting, and clear error handling to support safe production use.

Experience

Responsible disclosure and reporting

Independent Security Researcher

Freelance

2022 — Present

Platforms: HackerOne, Bugcrowd

  • Identified and responsibly disclosed high-severity vulnerabilities, including IDORs, business logic flaws, and payment bypasses, impacting 30+ organizations worldwide.
  • Wrote OWASP-aligned reports with clear PoCs, impact analysis, and remediation guidance.

Education

Academic background

  1. 2021 — 2027

    MPSTME, NMIMS University

    B.Tech in Computer Engineering

    CGPA: 2.45

  2. 2019 — 2021

    R.C. Patel Junior College

    HSC

    89.60%

  3. 2019

    R.C. Patel English Medium Secondary School

    SSC

    85.40%

Contact

Let’s connect

The fastest way to reach me is on LinkedIn. You can also explore my projects and code below—details match what is listed on my resume.