Konka Karthik




Ethical Hacker & Security Consultant.

Ethical Hacker skilled to test Web, Mobile, Thick Client Applications, API, WIFI, Network vulnerability assesment and penetration testing working as a Security Consultant with a conventional and retail bank in Bahrain.

As a consultant Iam familiar with OWASP Web, Mobile, API Security Risks, OSSTMM, PCI Penetration Testing Guidance, I have worked with multiple companies on projects ranging from Web, Mobile, Thick Client Application, Network, WIFI Penetration Testing and Red Teaming Assesments including but not limited to Dubai Properties, Dubai Chambers, Ferrari World, Etisalat, DU, Ahli United Bank, Abu Dhabi Motorsports Management, Yas Waterworld, Warner Bros, ICICI Bank, Aditya Birla Group, Kony Labs.


Ranked top 2nd Mobile Security Researcher, MVP on Bugcrowd and I have found and responsibly disclosed vulnerabilities to multiple companies including but not limited to Facebook, Snapchat, Quora, At & T, Sophos, Barracuda Labs, Netgear, Dell, Spotify, Master Card, Tesla, Indeed, Slack, Binance, Coinbase, Freelancer, Carrefour and 100+ companies.

Web Applications
Security Testing

Mobile Applications Security Testing

Network Devices/Servers Security Testing

Red Teaming Assesments Physical Security, Social Engineering


Web Application Security Testing 95%
Mobile Application Security Testing(Android & iOS) 90%
API Security Testing 90%
Thick Client Application Security Testing 90%
Network Security Testing 85%
WIFI Security Testing 90%
Minimum Security Baseline 90%


I started to participate in bug bounty programs since 2014, after completing my batchelors i started working with a consulting firm as a consultant.


Konka Karthik

Passionate Security Professional with 6+ years of experience in testing Web, Mobile, API, Thick Client Application, Network, WIFI Security Testing and also experience in OSINT and Red Teaming Assesments.

Bug Bounties

Bugcrowd - Security Researcher

2014 - Present

Ranked among top 150 Security Researchers, MVP and was top 2nd mobile security researcher on platform and have found and reported vulnerabilities in Web, Mobile(Android & iOS) Applications, API Testing and Routers(iOT devices)

Synack Red Team Member

2016 - Present

As a Bug Bounty hunter i spend time in researching and reporting Security Vulnerabilities


2019 - Present

As a Bug Bounty hunter i spend time in researching and reporting Security Vulnerabilities


Batchelors in Information Technology

2012 - 2016

Vidya Jyothi Institute of Technology, Hyderabad, IN

Batchelors in Information Technology, conducted a work shop on Ethical hacking in our college and started to learn about Application Security and also reported multiple vulnerabilities to Facebook, Snapchat and other companies while i was persuing my batchelors

Professional Experience

Information Security Pentester

2020 - Present

Conventional and Retail Bank, Bahrain

  • As a Security Pentester, I conduct all security penetration testing and code review activities to guarantee releases(production and pre-production) of new applications, products, functionalities, fixes and enhancements are free from security bugs and vulnerabilities. Communicate found vulnerabilities with stakeholders and help developers in remediating the vulnerabilities and track till remediation.
  • Facilitate vendors to perform third party security assements required to meet the regulatory requirements.
  • Conduct Security Breach drills and report gaps to the respective team.
  • Well versed with Pentest requirements of CBB, SAMA, Tadawul, PCI DSS Regulators.

Senior Security Consultant

2017 - 2020

Consulting Firm, Dubai, UAE

  • Lead few projects and have worked for most of the well known companies in UAE and GCC including but not limited to Etisalat, DU, Virgin, Dubai Chamber, Ahli United Bank.
  • Delegate tasks to the 4 members of the Assurance team and provide counsel on all aspects of the project.
  • Supervise the Security Assesments conducted in order to ensure quality and accuracy of Testing is met.
  • Managed to find multiple critical vulnerabilities and root access on a server as part with in limited time as part of the Red Teaming Assesment.

Security Consultant

2016 - 2017

One of the Big Four banks of India, Mumbai, IN

  • Involved in conducting pentests of Web, Mobile applications to meet Security and Regulatory requirements.
  • Received accolades for finding critical vulnerabilities in applications on production.


Will share writeups of vulnerabilities/misconfigurations that i have found during my research or as part of the Pentests that i have conducted till date.

  • All
  • Web
  • Mobile
  • Network/WIFI


Web Application Security Testing

Application would be tested for OWASP(OWASP Top 10 is a standard awareness document for developers and web application security.) and other misconfigurations

Mobile Application Security Testing

Application would be tested for OWASP Mobile Top 10 is a standard/centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications and other misconfigurations.

Thick Client Application Security Testing

Discovering what technologies are being used on both the client and the server sides. Figuring out the application's functionality, behavior and Security flaws in the same would be tested and reported.

API Security Testing

API Security focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces, OWASP API Top 10 issues and other misconfigurations would be tested and reported.


Identify your vulnerabilities in networks, systems, hosts, and network devices with our Network Penetration Testing services, covers NIST 800-35.

Red Teaming

As most of the Red Teaming Assesments are time bound, I/my team will gather footprints of the organization and try to target the weakest links in an organization using the following skills Penetration Testing, Social Engineering, Physical Security



Dubai, UAE


+973 33124669

Your message has been sent. Thank you!

End Footer -->