Full Stack Developer

I craft scalable web applications and explore the depths of cybersecurity — passionate about clean code and finding vulnerabilities.

Full-Stack Dev

React · Node.js · PostgreSQL · Docker

Ethical Hacker

OWASP · Burp Suite · Metasploit

CTF Player

HackTheBox · TryHackMe · Research

Profile

Who Am I

Shihab Shahriar Rashu

Full-Stack · Security · Bangladesh

Full-Stack Developer & Security Researcher

CS student building fast, secure web apps with React, Node.js, FastAPI, and PostgreSQL.

CEH certified with hands-on penetration testing experience. I bring a security mindset to everything I build.

Capabilities

Tech & Tools

Development

Frontend

React / Next.js · TypeScript · JavaScript · Tailwind CSS · Framer Motion · HTML5 / CSS3

Backend

Node.js · Python / FastAPI · Express.js · PostgreSQL · MongoDB · Prisma ORM · WebSockets · REST APIs

DevOps & Tools

Docker · Git / GitHub · AWS · Vercel · Linux · Figma · VS Code

Cybersecurity

Offensive Security

Penetration Testing · Metasploit · Burp Suite · SQLMap · Hydra · John the Ripper

Network Security

Wireshark · Nmap · Scapy · Netcat · Tcpdump · Network Recon

Platforms & Standards

Kali Linux · HackTheBox · TryHackMe · OWASP Top 10 · CVE Research

Journey

Experience

Web Developer

DevEleven-io
2024 – Present

Building and maintaining full-stack web applications within a GitHub organization. Focused on security-centric architecture, clean component design, and delivering high-performance products collaboratively.

React · Vite · Tailwind CSS · API Development

Computer Science Student

University
2025 – Present

Studying core CS fundamentals with a focus on algorithms, data structures, and network security. Actively applying academic knowledge through a growing portfolio of security tools and web platforms.

Algorithms · Python · Network Security · Databases

Open Source Contributor

Various Projects
2022 – Present

Contributing to open-source projects across debugging tools, security utilities, and developer tooling. Focused on code quality, documentation, and building tools that solve real problems.

Git · System Design · JavaScript · Security Auditing

Works

Selected Projects

Muhasabah

Self-reflection and habit tracking platform. Built with React and FastAPI, featuring a PostgreSQL backend and a clean, minimal UI focused on daily journaling and progress tracking.

React · FastAPI · PostgreSQL · +1

NetScope-Live

Real-time network traffic visualizer with an interactive dashboard. Uses Scapy for packet capture and WebSockets to stream live data to the React frontend.

Python · Scapy · React · +1

Nexum

Scalable social media application with a focus on performance and clean component architecture. Supports real-time interactions and a responsive feed.

React · Vite · Tailwind CSS · +1

DebugAI

Command-line tool that leverages the Gemini AI API to analyze error messages and suggest fixes. Installable via pip and works across any Python project.

Python · Gemini AI · CLI

Certifications

Credentials

Certified Ethical Hacker (CEH)

In Progress

EC-Council · 2024

Penetration Testing · Network Security · Vulnerability Assessment

Full-Stack Web Development

Completed

freeCodeCamp · 2023

React · Node.js · MongoDB · APIs

AWS Certified Developer

Planned

Amazon Web Services · 2024

Cloud Architecture · Serverless · DevOps

Computer Science Degree

In Progress

University · 2025 – Present

Algorithms · Data Structures · System Design

Insights

Security Writeups

CTF
8 min

HackTheBox: Exploiting SUID Binaries for Privilege Escalation

Walkthrough of a medium-difficulty HTB machine involving web enumeration, initial foothold via LFI, and privilege escalation through misconfigured SUID binaries.

Mar 15, 2024

Research
12 min

OWASP Top 10: Practical Exploitation & Mitigation

A hands-on breakdown of the OWASP Top 10 vulnerabilities with real exploitation examples and code-level mitigations for each.

Feb 10, 2024

Blog
10 min

Secure FastAPI: Auth, Rate Limiting & Input Validation

How to build production-ready FastAPI applications with proper JWT authentication, rate limiting, and input sanitization to prevent common vulnerabilities.

Jan 20, 2024

CTF
6 min

TryHackMe: Network Pentesting CTF Walkthrough

Step-by-step walkthrough of a network-focused CTF challenge involving port scanning, service enumeration, and exploitation with Metasploit.

Dec 5, 2023

Contact

Get in Touch

Have a project in mind or want to collaborate? Send me a message and I'll get back to you.

Location

Dhaka, Bangladesh