Available for work

Full Stack Developer


I craft scalable web applications and explore the depths of cybersecurity. Passionate about writing clean code and discovering new vulnerabilities.

Full-Stack Dev

Engineering

React · Node.js · PostgreSQL · Docker

Ethical Hacker

Research

OWASP · Burp Suite · Metasploit

CTF Player

Community

HackTheBox · TryHackMe · Research

Profile

Who I Am

Shihab Shahriar Rashu
Full-Stack
Security
Bangladesh

Full-Stack Developer & Security Researcher

Full-Stack Developer and CS student based in Bangladesh. I build web apps that are fast, secure, and maintainable — spanning React, Node.js, FastAPI, and PostgreSQL.

CEH certified with hands-on experience in penetration testing and network security. I bring a security mindset to everything I build.

Capabilities

Tech & Tools

Development

Frontend

React / Next.js
TypeScript
JavaScript
Tailwind CSS
Framer Motion
HTML5 / CSS3

Backend

Node.js
Python / FastAPI
Express.js
PostgreSQL
MongoDB
Prisma ORM
WebSockets
REST APIs

DevOps & Tools

Docker
Git / GitHub
AWS
Vercel
Linux
Figma
VS Code

Cybersecurity

Offensive Security

Penetration Testing
Metasploit
Burp Suite
SQLMap
Hydra
John the Ripper

Network Security

Wireshark
Nmap
Scapy
Netcat
Tcpdump
Network Recon

Security Platforms

Kali Linux
HackTheBox
TryHackMe
OWASP Top 10
CVE Research

Journey

Experience

2024 – Present

Web Developer

DevEleven-io

Building and maintaining full-stack web applications within a GitHub organization. Focused on security-centric architecture, clean component design, and delivering high-performance products collaboratively.

React · Vite · Tailwind CSS · API Development

2025 – Present

Computer Science Student

University

Studying core CS fundamentals with a focus on algorithms, data structures, and network security. Actively applying academic knowledge through a growing portfolio of security tools and web platforms.

Algorithms · Python · Network Security · Databases

2022 – Present

Open Source Contributor

Various Projects

Contributing to open-source projects across debugging tools, security utilities, and developer tooling. Focused on code quality, documentation, and building tools that solve real problems.

Git · System Design · JavaScript · Security Auditing

Works

Selected Creations

Muhasabah

Self-reflection and habit tracking platform. Built with React and FastAPI, featuring a PostgreSQL backend and a clean, minimal UI focused on daily journaling and progress tracking.

React · FastAPI · PostgreSQL · +1

NetScope-Live

Real-time network traffic visualizer with an interactive dashboard. Uses Scapy for packet capture and WebSockets to stream live data to the React frontend.

Python · Scapy · React · +1

Nexum

Scalable social media application with a focus on performance and clean component architecture. Supports real-time interactions and a responsive feed.

React · Vite · Tailwind CSS · +1

DebugAI

Command-line tool that leverages the Gemini AI API to analyze error messages and suggest fixes. Installable via pip and works across any Python project.

Python · Gemini AI · CLI

Certifications

Credentials

Certified Ethical Hacker (CEH)

In Progress
EC-Council · 2024
Penetration Testing · Network Security · Vulnerability Assessment

Full-Stack Web Development

Completed
freeCodeCamp · 2023
React · Node.js · MongoDB · APIs

AWS Certified Developer

Planned
Amazon Web Services · 2024
Cloud Architecture · Serverless · DevOps

Computer Science Degree

In Progress
University · 2025 – Present
Algorithms · Data Structures · System Design

Insights

Security Writeups

CTF
8 min · Mar 15, 2024

HackTheBox: Exploiting SUID Binaries for Privilege Escalation

Walkthrough of a medium-difficulty HTB machine involving web enumeration, initial foothold via LFI, and privilege escalation through misconfigured SUID binaries.

HackTheBox · Linux

Research
12 min · Feb 10, 2024

OWASP Top 10: Practical Exploitation & Mitigation

A hands-on breakdown of the OWASP Top 10 vulnerabilities with real exploitation examples and code-level mitigations for each.

OWASP · Web Security

Blog
10 min · Jan 20, 2024

Secure FastAPI: Auth, Rate Limiting & Input Validation

How to build production-ready FastAPI applications with proper JWT authentication, rate limiting, and input sanitization to prevent common vulnerabilities.

FastAPI · Python

CTF
6 min · Dec 5, 2023

TryHackMe: Network Pentesting CTF Walkthrough

Step-by-step walkthrough of a network-focused CTF challenge involving port scanning, service enumeration, and exploitation with Metasploit.

TryHackMe · Nmap

Latest vulnerability research & CTF solutions

Follow Research on GitHub
Contact

Let’s keep it simple.

Send a quick message with your idea and I'll get back to you soon. No clutter, just clear contact info and an easy form.

Contact details

Location

Dhaka, Bangladesh 🇧🇩
