Saood Nasir Sangle

Production Technical Showcases

Flight Report Automation Pipeline — Aviation Oasis

Production-Grade Asynchronous Automation & Security Architecture

Architected and deployed a containerized, stateful asynchronous backend automation workflow designed to ingest unstructured pilot post-flight logs, process payloads through strict validation boundaries, and expose interactive distributed endpoints using secure communication channels.

Engineered Architecture Workflow:

Ingestion & AI Structuring: Established an IMAP listener watching the operations gateway, instantly offloading unstructured texts to OpenRouter API with optimized system prompts executing programmatic JSON schema extraction.
Secure Webhook Exposure: Wrapped local execution instances securely inside a containerized cloudflared daemon (Cloudflare Tunnel), mapping public edge addresses to inner webhooks without opening hazardous inbound router ports on local firewalls.
Asynchronous HITL State Machine: Formulated state freezing routines utilizing n8n context data structures ($execution.resumeUrl) embedded into Telegram callback channels, letting managers review, selectively edit, or reject transactions natively on-screen without active memory leaks.

n8n Orchestration Cloudflare Tunnels Docker Storage Python Snippets Asynchronous Logic

Analyzing WAF Resilience Against Obfuscated Attack Payloads

Vulnerability Research Lab | University of Surrey | Supervised by Dr. Robert Granger Awarded Distinction

Evaluated the perimeter resilience of ModSecurity v3 coupled with OWASP CRS 3.3.7 on Apache 2.4 fronting the Damn Vulnerable Web Application (DVWA)[cite: 17, 18]. Developed a token-preserving request duplication layer to measure exactly how input transformations distort structural parsing across strict threshold configurations[cite: 19, 20].

Empirical Testbed Matrix (Experimental Results) [cite: 18, 662]

Attack Class	Payload Vector / Obfuscation Style	C1 (PL1/5)	C2 (PL2/10)	C3 (PL3/15)	C4 (PL4/20)
SQLi	`'OR "1"="1` (With spaces/folding) [cite: 380, 913]	Blocked [cite: 663]	Blocked [cite: 663]	Blocked [cite: 663]	Blocked [cite: 663]
SQLi	`//OR//'1'='1` (Inline Comment Padding) [cite: 380, 918]	Blocked [cite: 663]	Blocked [cite: 663]	Blocked [cite: 663]	Blocked [cite: 663]
XSS	`<script>alert(1)</script>` (Direct Element Injection) [cite: 380, 920]	Reached [cite: 663]	Reached [cite: 663]	Blocked [cite: 663]	Blocked [cite: 663]
XSS	`<img src=x onerror=alert(1)>` (Attribute Breakout) [cite: 380, 921]	Reached [cite: 663]	Reached [cite: 663]	Blocked [cite: 663]	Blocked [cite: 663]
CMD	`127.0.0.1 && whoami` (Chained Shell Operator) [cite: 380, 925]	Blocked [cite: 663]	Blocked [cite: 663]	Blocked [cite: 663]	Blocked [cite: 663]
CMD	`127.0.0.1%257C uname -a` (Double Encoded Pipe) [cite: 380, 927]	Blocked [cite: 663]	Reached [cite: 663]	Blocked [cite: 663]	Reached [cite: 663]

Core Analytical Contributions:

Libinjection Verification: Proved signatureless tokenizers cleanly process padded and comment-folded SQLi payloads without relying on upper paranoia configurations[cite: 216, 217].
XSS Detection Borders: Mapped out why DOM breakout rules are deferred until PL3+ to mitigate false positive penalties across harmless public corporate traffic templates[cite: 211, 667].
Late-Stage Surfacing Flaws: Analyzed input transformation sequencing conflicts where multi-pass URL decodings (e.g., %257C) trigger scoring anomalies that result in sub-threshold execution slips[cite: 228, 229].

ModSecurity v3 OWASP Core Rule Set Vulnerability Auditing Firefox DevTools Replay

Academic Background & Core Capabilities

MSc in Cyber Security

University of Surrey, UK | Expected Graduation: April 2027

Enrolled within a fully National Cyber Security Centre (NCSC) certified program housed at an Academic Centre of Excellence in Cyber Security Research (SCCS). Advanced training focuses heavily on implementing secure engineering defenses, defensive software design, and perimeter threat modeling:

Core Domain Specializations:

Network Defense Engineering: Analyzing deep packet headers, evaluating threat vectors across complex topologies, and implementing secure cryptographic protocol barriers protecting the network stack.
Systems & Platform Security: Practical auditing of software vulnerabilities, exploring runtime boundary compromises (memory corruption, access management), and deploying hardened system structures.
Data Protection & Cryptographic Protocols: Structuring enterprise data security systems backed by symmetric/asymmetric encryption models, signature algorithms, and key management lifecycles.
Infrastructure Management & Risk Governance: Translating industrial control standards (NIST, ISO 27001) into operational business frameworks, mapping corporate risk matrices, and designing incident response mitigation loops.
Hands-On Penetration Testing & Cloud Automation: Practical training in offensive security simulations, vulnerability analysis via automated frameworks, and building highly scalable, containerized infrastructure securely.

B.E. in Electronics Engineering

M.H. Saboo Siddik College of Engineering, Mumbai (University of Mumbai) | Graduation: May 2023

Four-year professional engineering foundation providing an extensive architectural edge. Merging strict physical hardware engineering backgrounds cleanly with software platform operations:

Advanced analysis of circuit layouts, digital processor microarchitectures, and hardware systems programming.
Robust tracking of physical routing paths, system data-buses, and fundamental network communication layer invariants.

Professional Credentials: CompTIA Security+ — Course Training Completed

Technical Arsenal & Core Competencies

Application & Network-Layer Security

Cloud Automation & Infrastructure