Jaynel Patiarba, Application Security Engineer
Philippines
(+63) 9915789798
0xcucumbersalad@proton.me
linkedin.com/in/patiarba
Summary
Driven Security Researcher with over 4 years of experience specializing in application security and penetration testing. Proficient in using tools like Burpsuite and Kali Linux to uncover vulnerabilities in web applications and APIs. Successfully collaborated with development teams to remediate security flaws, while also executing threat hunting operations that improved organizational security posture. Ready to bring expertise and a results-oriented approach to enhance security measures and protect critical assets.
Work Experience
12/2020 – 01/2025
Security Researcher Freelance, HackerOne Bug Bounty Programs
Remote, Remote
  • Executed thorough security assessments and penetration testing on web applications, APIs, and various systems, uncovering critical security vulnerabilities.
  • Leveraged advanced security toolkits, including Burpsuite and Kali Linux, to scrutinize intricate systems and pinpoint potential security threats.
  • Partnered with development teams to convey identified vulnerabilities and deliver strategic, actionable recommendations for effective remediation.
02/2025 – 05/2025
Penetration Tester Intern, Syntactics Inc.
Philippines, On-site
  • Performed comprehensive security assessments and penetration testing on web applications, APIs, and other systems, identifying significant security flaws.
  • Demonstrated proficiency in utilizing security toolkits such as Burpsuite and Kali Linux to analyze complex systems and highlight potential security risks.
  • Collaborated closely with development teams to disclose vulnerabilities and provide clear, actionable recommendations for remediation.
  • Conducted proactive threat hunting operations to discover valid credentials compromised in public data breaches, correlating leaked data with internal user accounts, assessing risk, and facilitating remediation actions, including enforced password resets and MFA implementation.
Education
2021 – Present
University of Science and Technology of Southern Philippines
Bachelor of Science in Information Technology (BSIT), Information Technology
CDO, Philippines
Skills
JavaScript (React.js, Node.js, NEXT.js)
Python
PHP (Laravel)
VSCode
Git
Postman
Docker
Web Application Security (OWASP Top 10, XSS, CSRF, SQL Injection)
Vulnerability Research
Bug Hunting
Penetration Testing
Burp Suite
Kali Linux
Ethical Hacking
Linux
Windows
macOS
Application Security
Code Review
OWASP Knowledge
Threat Modeling
Security Automation
Communication
Analytical Skills
SAST/SCA/DAST
Security Certifications
Scripting
Certification
Certified AppSec Practitioner (CAP)
View Certificate
  • Earned credential demonstrating foundational proficiency in application security, including OWASP Top 10, secure coding, and vulnerability assessment.
Certified AppSec Pentesting eXpert (CAPENX)
View Certificate
  • Demonstrated advanced proficiency in application security by successfully completing a 7-hour practical exam involving real-world pentesting scenarios, including complex attack vectors such as SSRF, RCE, and API vulnerabilities.
Certified Network Security Practitioner (CNSP)
View Certificate
  • Demonstrated proficiency in identifying and mitigating network vulnerabilities, configuring secure systems in Linux and Windows, and understanding of social engineering attacks and basic malware analysis.
APIsec Certified Practitioner (ACP)
View Certificate
  • Validated expertise in API security through completion of five core courses and a rigorous 100-question examination, covering topics like OWASP API Security Top 10, authentication strategies, and API server hardening.
Web Application Penetration Tester eXtreme (eWPTX)
View Certificate
  • Successfully completed an 18-hour, hands-on assessment simulating real-world web application penetration testing engagements. Demonstrated proficiency in advanced exploitation techniques, including bypassing WAFs, conducting API security assessments, and delivering comprehensive reports aligned with industry standards.

CVE PUBLICATION

CVE-2025-4691, WordPress Plugin

Identifies an Insecure Direct Object Reference (IDOR) vulnerability in the eaSYNC Booking plugin for WordPress, which is commonly used by hotels, restaurants, and car rental services. This vulnerability affects all versions up to and including 1.3.21.

CVE-2025-14660, Deco deco-mesh

A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can be initiated remotely.

CVE-2025-13796, Deco deco-apps

A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument url leads to server-side request forgery.

CVE-2025-12917, TOZED ZLT T10

A vulnerability was identified in TOZED ZLT T10 T10PLUS_3.04.15. The affected element is an unknown function of the file /reqproc/proc_post of the component Reboot Handler. Such manipulation leads to denial of service.

Built with v0