// About

Hola! I’m Abida Shariff. I work as a Lead Security Engineer at RedSentry, running offensive security engagements across web applications, mobile apps (Android & iOS), cloud environments, and internal infrastructure. My job is to think like an attacker so your organization doesn’t have to learn the hard way.

I hold OSCP, CEH, and eJPT certifications, but the real learning happens in the field. Every engagement is a different puzzle, and I haven’t gotten bored yet.

I actively contribute to the security community as a speaker and trainer, delivering sessions at BSides Ahmedabad, Null / OWASP Bangalore Combined Meet, Null Bangalore Humla Workshop, and Securzy Lab.

I’m also one of the Chapter Leads at Null Bangalore, where I organize meetups, run workshops, and mentor the next wave of security talent, because the community gets stronger when we share what we know.

I’m also exploring Blockchain security, Web3, and smart contracts.

When I’m not hunting vulnerabilities, you’ll find me travelling across countries and soaking in new cultures, pushing through a workout, or petting every cat that crosses my path.

If you’re building something that needs breaking, defending something that matters, or just want to geek out about security, let’s connect. I’m always up for a good conversation.

Skills

  • Web Application Pentesting
  • Android Pentesting
  • iOS Pentesting
  • Red Teaming
  • Blockchain Security
  • Web3

Experience

## Lead Security Engineer

Red Sentry — May 2024 - Present

  • Currently leading high-impact offensive security engagements while mentoring and elevating the team
  • Tested and contributed to 150+ penetration testing engagements across web, mobile (Android and iOS), API, internal, Active Directory, external, and cloud
  • Identified and reported 200+ security vulnerabilities across fintech, SaaS, healthcare, and enterprise platforms, including multiple critical and high-severity findings
  • Driving scoping discussions, client communication, and executive-level reporting
  • Reviewing and validating critical/high-severity findings before final delivery
  • Mentoring security engineers and raising technical quality across engagements
  • Improving internal testing methodologies and products

## Security Engineer

Red Sentry — April 2023 - April 2024

  • Successfully tested 100+ applications, delivering comprehensive black-box, grey-box, and white-box assessments and identifying 150+ security issues
  • Identified critical vulnerabilities in complex role-based and production environments
  • Delivered structured, risk-focused reports aligned with OWASP and industry standards
  • Mentored junior consultants and reviewed reports for technical accuracy

## Security Analyst

Network Intelligence — Jan 2022 - March 2023

  • Conducted 40+ web and internal penetration tests across different sectors
  • Helped clients reduce critical risk exposure through actionable remediation guidance
  • Collaborated directly with developers and DevOps teams to support secure SDLC practices
  • Delivered clear, business-impact-driven security assessments

## Full-Time Bug Bounty Hunter

Independent — Jan 2018 - Jan 2022

  • Reported 100+ valid vulnerabilities across global programs
  • Discovered critical issues such as IDOR, BAC, RCE, auth bypass, SSRF, and business logic flaws
  • Developed a strong attacker mindset through real-world exploitation scenarios

## Chapter Lead

Null Bangalore — April 2023 - Present

  • Organizing meetups, running workshops, and mentoring the next wave of security talent
  • One of India's most active open security communities

Education

## Master of Computer Applications (MCA) – Specialization in Cybersecurity & Cloud

Jain University (Deemed-to-be University), Bangalore, India

Advanced focus on network security, programming, cloud architecture, application security, and threat analysis

## Bachelor of Computer Applications (BCA) – Specialization in Cybersecurity & Cloud

Jain University (Deemed-to-be University), Bangalore, India

Foundation in computer science, programming, networking, and information security

Certifications

  • OSCP (OffSec)
  • eJPT (INE)
  • CEH (EC-Council)

Trainings/Talks

## BSides Ahmedabad — Advanced iOS Application Pentesting & Reverse Engineering

Led a 2-day intensive training covering Frida, Objection, LLDB, SSL pinning bypass, runtime manipulation, and real-world case studies.

Training iOS Reverse Engineering

## Null Bangalore Humla Workshop — Unlocking iOS Security: A Hacker's Guide to Application Testing

Ran a full-day hands-on workshop on iOS application security testing.

Workshop iOS

## Null/OWASP Bangalore Meetup — iOS Pentesting: A Beginner's Practical Guide

Delivered a talk on practical iOS penetration testing to an audience of 270+ security professionals.

Talk iOS Pentesting

## Securzy Lab — iOS Pentesting Unleashed: A Pentester's Toolkit & Guide

Conducted an online masterclass covering iOS pentesting tools, techniques, and methodology.

Masterclass iOS Pentesting

## OWASP Guwahati — Science to Cyber Security

Presented on the journey from science to cybersecurity.

Talk Cybersecurity
