About Me

My name is Pratik Amin. I'm a security person who has spent the last 10+ years doing a bunch of different stuff. Starting off, I was mostly focused on infrastructure security testing and then eventually went more and more into application security, but still focused on pentesting apps. I've spent the last several years being pretty heavily involved in reviewing different things related to AWS as well.

People tend to not spend a lot of time in pentesting, especially without moving to management or just shunning the industry altogether. One of the things that has kept me sane over the last decade and a bit has been working with and teaching people who are new to the industry. Part of the reason I wanted to start this site was to put down (in something I control) some of my general thoughts about AppSec, security and just other ramblings.

This page has information about a collection of random AppSec and cloud security challenges that I put together for fun. Most of these are more focused on (pretty straightforward) problem solving and understanding of how things work over trying to exploit a given known vulnerability.

There are a lot of resources online where you can practically exploit things such as SQL Injection or SSRF, but as someone who often works with people who are new to the industry, I find that people tend to over-value these things. Obviously, knowing how to exploit a specific vulnerability is really important, but knowing the mechanics behind how and why they work is just as important. The cloud stuff is here mostly just because I have a lot of years whittling away on various projects involving AWS :)

I also wanted to put this together to help me practice some things I don't do often as part of my day job!