role: Cyber Security Engineer @ BingoLabs
focus: [ web app pentesting, api security, source code review ]
education: B.Sc. CSIT — Tribhuvan University
building: Plumbr 🔧
ask_me: cybersecurity · bug bounty · pentesting
portfolio: chapagaiashim.com.np

- 🎯 Day job: breaking (and helping fix) web apps & APIs — OWASP Top 10, business logic, source code review
- 🏆 Hall of fame: CVE-2023-28476 — Stored XSS in Concrete CMS, patched in 9.2.0
- 🥇 Hackathon: Best Use of Web3 at Vertex Hacks for LeftOverLift
- 🔭 Currently building Plumbr
- 📄 Full experience & writeups → chapagaiashim.com.np
| Cert | Issuer |
|---|---|
| eJPT — Junior Penetration Tester | INE |
| Junior Penetration Tester (PT1) | TryHackMe |
| Programming with Google Go Specialization | UC Irvine |
| OWASP Top 10 — 2021 | Infosec |
| JavaScript Security | Infosec |
| Introduction to Model Context Protocol | Anthropic |
Offensive Security
Languages
Stack & Infra
- Certchain — Tamper-proof certificate issuance & verification platform. Next.js (TS) + NestJS + Prisma + PostgreSQL. Designed, built, and security-hardened end-to-end (authn/authz, input validation, API & business logic).
- LeftOverLift — Web3 food-waste redistribution platform on Polygon with ERC-20 / ERC-721 incentive layer, geo-matching, and SMS notifications. 🏆 Best Use of Web3 at Vertex Hacks.
⚡ "The quieter you become, the more you are able to hear."


