> mersa-v6_
~/security/research$./identify.sh
> mersa-v6_

mersaCybersecurity Researcher& Bug Bounty Hunter

terminal
$ echo $MISSION
"I find and report real-world security vulnerabilities across modern web apps, APIs, and production systems."
>_
220+ Valid Vulnerabilities AcceptedResponsible DisclosureGraphQL & API SecurityWeb SecurityMobile SecurityCloud Security
View BlogHackerOne ProfileGitHubContact Me
// 01 / About

Who I Am

M
mersa-v6
> mersa-v6_
Cybersecurity Researcher

I'm mersa-v6, a cybersecurity researcher and bug bounty hunter focused on finding real security vulnerabilities in production web applications, APIs, and modern SaaS platforms.

My research covers web application security, API security, GraphQL testing, IDOR and broken access control, authentication and authorization flaws, recon, vulnerability chaining, and responsible disclosure. I work across public and private bug bounty programs on major platforms.

The work is practical and grounded — finding vulnerabilities that affect real systems, documenting them clearly, and reporting them responsibly. No overclaiming, no noise. Just reproducible findings that help security teams improve.

Web App SecurityAPI SecurityGraphQLIDOR / BOLAAccess ControlReconResponsible Disclosure
// 02 / Impact

Research at a Glance

A high-level picture of security research activity across bug bounty and vulnerability disclosure programs.

220+
Valid Vulnerabilities
Accepted across bug bounty and disclosure programs
Hall of Fame
Recognition
Recognized by multiple security programs
Multi-Program
Research Scope
Research across major platforms and SaaS systems
Real Impact
Production Bugs
Focused on vulnerabilities that affect live systems
// 03 / Programs

Recognized Across Programs

Selected programs where my security research has been recognized or accepted.

UUber
Uber
Bug bounty & vulnerability disclosure
EEpic Games
Epic Games
Bug bounty & vulnerability disclosure
CCapital One
Capital One
Bug bounty & vulnerability disclosure
AAmazon
Amazon
Vulnerability disclosure program
MMetaMask
MetaMask
Bug bounty & vulnerability disclosure
CCodeRabbit.ai
CodeRabbit.ai
Bug bounty & vulnerability disclosure
SSonatype
Sonatype
Vulnerability disclosure program
IIBM
IBM
Vulnerability disclosure program
JJFrog
JFrog
Bug bounty & vulnerability disclosure
CConsensys
Consensys
Bug bounty & vulnerability disclosure
LLyft
Lyft
Bug bounty & vulnerability disclosure
MMollie
Mollie
Bug bounty & vulnerability disclosure

Research conducted independently under each program's responsible disclosure and bug bounty terms.

// 04 / Skills

Technical Skills

Core competencies applied across security research and bug bounty work.

Web Application Security
API Security Testing
GraphQL Security
IDOR & Access Control
Recon & Asset Discovery
Vulnerability Chaining
Authentication & Authorization Testing
Business Logic Testing
JavaScript Endpoint Analysis
Responsible Disclosure
Vulnerability Reporting
// 05 / Contact

Get In Touch

For security research, responsible disclosure, collaboration, or professional opportunities, feel free to reach out.

Hhackerone
HackerOne
Bug bounty & vulnerability reports
HPhackenproof
HackenProof
Vulnerability disclosure & research
GitHub
Open source & research tools
Lilinkedin
LinkedIn
Professional networking
Xtwitter
X / Twitter
Security research updates
Email
contact@mersa.info