BaseBotWhatsApp
A WhatsApp automation bot that handles commands, sessions, and smooth interactions. It works well as a base for a personal bot or for adding more features later.
I find myself fascinated by the process of penetration testing, also known as "pentesting" if you want to sound more hip, which involves the action of hacking into a computer system in order to learn what sorts of risks may present themselves. It is not a concept that suddenly sprang up out of the blue but is actually something that has been developing since early childhood where I would contemplate the way in which the complex workings of technology operated and was interested in understanding their inner mechanisms.
Interest in the way in which systems were put together has expanded into interest in cyber security which includes both building these systems and the methods by which they can be hacked, analyzed, and protected against attacks. Technology itself is no simple thing but rather a complicated wonderland begging to be explored and understood. - Nirvana Handika Putra
Experience is the teacher of all things.
Conducted comprehensive vulnerability assessments and advanced penetration testing on enterprise web applications and network infrastructures. Discovered critical security flaws and provided actionable remediation strategies to ensure compliance with industry standards.
Promoting developer tools and cloud platforms (e.g., DigitalOcean, GitHub Student Pack), helping others get started through tutorials and sharing resources.
Developed modern, high-performance web applications tailored to client needs while simultaneously auditing their digital infrastructure for vulnerabilities. Implemented secure coding practices to prevent exploits like XSS and SQL injection.
A few projects I’ve already built and shared.
A WhatsApp automation bot that handles commands, sessions, and smooth interactions. It works well as a base for a personal bot or for adding more features later.
A web contest project for SMK Metland 1, built with a team of three. The focus was on making it look clean, responsive, and ready for competition use.
Certified and ready to accomplish.
Parameter-Based XSS
Identified a parameter-based XSS issue on the BMKG web platform, where unsanitized input in request parameters can lead to arbitrary JavaScript execution in the browser context.
SQL Injection
Identified a critical SQL Injection vulnerability on the Pekalongan city government portal. Exploitation allows unauthenticated attackers to read, modify, or delete sensitive data from the backend database.
Information Disclosure (CWE-209)
Found an information disclosure flaw where unhandled CBDException errors expose sensitive internal stack traces and system details to end users, aiding potential attackers in reconnaissance.
Internal Server Error (HTTP 500)
Observed an HTTP 500 error condition with limited security impact. This behavior should still be fixed to improve stability and reduce unnecessary information exposure.
Parameter-Based XSS
Identified a parameter-based XSS issue where unfiltered URL/input parameters can be interpreted as executable script in the response context.
Full Path Disclosure
Identified a full path disclosure vulnerability where error responses reveal the server's absolute filesystem paths. This information assists attackers in mapping the server structure for further targeted exploitation.
Type Error / Information Leakage
Found an unhandled PHP type-juggling warning ("A non well formed numeric value encountered") exposed in HTTP responses. While low severity, this leakage reveals the backend technology stack and PHP version details.
Sensitive Data Exposure (.env Leak)
Discovered a publicly accessible .env file containing database credentials (username & password), application secret keys, and service tokens. Full server compromise is achievable via this single finding.
SQL Injection (CWE-89)
Identified a critical SQL Injection vulnerability on the Denpasar city portal's search and filter parameters. Exploitation enables full database enumeration, authentication bypass, and potential remote code execution.
Broken Link Hijacking
Reported a broken link hijacking issue on the Detikcom media platform where expired or unclaimed external resource links can be re-registered by malicious actors to serve arbitrary content under the trusted domain's context.