Application Security, 2023

Web Vulnerability Research and Remediation Tooling

Built Python tooling to replicate and fingerprint SQL injection and XSS patterns across production-like environments.

Translated vulnerability research into secure coding guidance and CI/CD rules that eliminated injection vectors earlier in delivery.

Architecture Diagram

How the system fits together

This visual is meant to show the operating shape of the project at a glance: where input begins, where decisions happen, and what the useful output surface actually is.

Scope: Application Security
Signals: Shift-left

[Diagram: Application-security workflow showing exploit reproduction, static analysis rules, CI gates, and remediation feedback.]

Snapshot

What matters most in this project

Shift-left: Security placement in delivery
Automated: Rule-driven vulnerability checks
Developer-usable: Remediation guidance outcome

Challenge

The goal was to move beyond one-off findings and turn web vulnerability research into repeatable checks and fixes developers could use before release.

Result

That work shifted application security earlier in delivery by making insecure patterns easier to catch, explain, and remove before release.

Approach

  • Built Python tooling to reproduce and fingerprint common exploit paths such as SQL injection and XSS in production-like environments.
  • Converted research findings into Semgrep and CodeQL rules that could run continuously in delivery pipelines.
  • Paired the automation with remediation guidance focused on what engineers actually needed to change in code.

Architecture

  • Used Python tooling to recreate common exploit paths under controlled conditions so findings were reproducible.
  • Translated repeated patterns into Semgrep and CodeQL rules that could run continuously during pull requests and CI.
  • Paired rule output with code-level remediation notes so developers could move from finding to fix quickly.
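As an added example (not the project's own code), this shows the two halves the Approach and Architecture bullets describe: the vulnerable and parameterized SQL lookups that reproduction tooling would compare under controlled conditions, and a lightweight line-pattern check of the kind a Semgrep or CodeQL rule encodes for CI. The in-memory fixture, the probe value, the sample source and the regexes are all constructed for illustration and are not the project's rules.

```python
import re
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed in-memory fixture so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list[str]:
    """'Before' pattern: untrusted input is spliced into the SQL text."""
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]

def lookup_fixed(conn: sqlite3.Connection, name: str) -> list[str]:
    """Remediation: bind the value; the driver treats it as data, never as SQL."""
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]

# Constructed tautology probe used to confirm that a sink is actually reachable.
PROBE = "' OR '1'='1"

# Rule side (illustrative regexes, not the project's Semgrep/CodeQL rules):
# flag SQL literals that are concatenated, %-formatted, .format()-ed,
# or written as f-strings with interpolation.
SQL_BUILD = re.compile(
    r"""(?i)(["'])(?:select|insert|update|delete)\b.*?\1\s*(?:\+|%|\.format\()""")
SQL_FSTRING = re.compile(r"""(?i)\bf(["'])(?:select|insert|update|delete)\b.*?\{""")

def find_injection_sinks(source: str) -> list[tuple[int, str]]:
    """Return (line_number, line) for every line that builds SQL from strings."""
    return [(n, line.strip())
            for n, line in enumerate(source.splitlines(), start=1)
            if SQL_BUILD.search(line) or SQL_FSTRING.search(line)]

# Constructed source under review, as a CI check would see it.
SAMPLE_SOURCE = '''\
def by_name(conn, name):
    return conn.execute("SELECT id FROM users WHERE name = '" + name + "'")

def by_email(conn, email):
    return conn.execute(f"SELECT id FROM users WHERE email = '{email}'")

def by_id(conn, uid):
    return conn.execute("SELECT id FROM users WHERE id = ?", (uid,))
'''
```

Running `lookup_vulnerable` and `lookup_fixed` with the same probe against `make_db()` shows why the parameterized form is the remediation, and `find_injection_sinks(SAMPLE_SOURCE)` reports only the two string-built queries, not the bound one.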

Impact

  • Implemented Semgrep and CodeQL policies to catch risky patterns before release.
  • Created remediation guidance developers could actually apply during normal delivery work.

Tradeoffs and Decisions

  • Avoided one-off checks and instead invested in patterns that would continue catching regressions after the initial research phase.
  • Balanced rule sensitivity against developer trust so the guardrails stayed enforceable without overwhelming teams with noise.
  • Focused on code paths with strong remediation value rather than chasing every theoretical issue equally.

Stack

Tools and technologies behind the work

Python, Semgrep, CodeQL, CI/CD, Web Security