salmankhwaja/README.md

Hi, I'm Salman Khwaja


Application Security Architect | DevSecOps | Security Automation
I help teams ship software that survives contact with attackers.


🧠 What I Do

I work at the intersection of application security, DevSecOps, and automation, focusing on building security into delivery pipelines instead of stapling it on later.

  • 🔐 Web & API Security Testing (manual + automated)
  • ⚙️ DevSecOps pipelines (SAST, DAST, SCA, secrets scanning)
  • 🧪 Security automation using Python, Bash, PowerShell
  • 🧱 Secure SDLC design and architecture reviews
  • 📚 Security training & awareness for engineering teams

🚧 Skills I’m Actively Working On

Because stagnation is just technical debt with feelings.

Git, Python, PHP, JavaScript, GNU Bash, VS Code, Sublime Text, HTML5, Oracle, MongoDB, Flask, Firebase, PostgreSQL, MySQL, Figma, Microsoft Azure, Google Cloud, WordPress, Linux, Ubuntu, Fedora, Django, Amazon Web Services, Kubernetes, Docker

  • 🤖 AI for Application Security
    Using GenAI for threat modeling, secure code review assistance, and security test generation

  • 🔍 Advanced API Security Testing
    GraphQL, BOLA prevention, schema-driven testing, and abuse-case modeling

  • 🧰 Security Automation at Scale
    Policy-as-code, custom security gates in CI/CD, and automated evidence generation

  • 🧠 Threat Modeling for Agile Teams
    Lightweight, repeatable models that developers actually use

  • 🛡️ Cloud-Native Security Controls
    Container hardening, secrets management, and runtime visibility


🛠️ Tools & Tech I Use (voluntarily and otherwise)

  • AppSec: Burp Suite, OWASP ZAP, Semgrep, SonarQube
  • DevSecOps: GitHub Actions, Azure DevOps, GitLab CI
  • Containers: Docker, WSL, container security tooling
  • Scripting: Python, Bash, PowerShell
  • Frameworks: OWASP Top 10, ASVS, SAMM 2.0, PCI DSS
  • Observability: Grafana, Loki, Promtail

📂 What You’ll Find Here

  • 🔎 Security testing scripts and automation
  • 🤖 DevSecOps pipeline integrations
  • 🧩 Proof-of-concepts for vulnerabilities and mitigations
  • 📄 Labs, notes, and teaching material

Most repositories exist because doing things manually is a design failure.


📊 GitHub Stats

Because numbers make people feel reassured.

[Images: GitHub stats, top languages, and top repositories cards]

🎓 Teaching & Community

  • Adjunct faculty teaching DevOps and cybersecurity
  • Trainer for secure coding and application security
  • Advocate for security that enables delivery instead of blocking it

📫 Let’s Connect

If you’re here to learn, borrow, or validate your security assumptions, you’re in the right place.

Pinned

  1. InfoSecDocs (Public)

    This project is made for the people who would be the administrators of IIS or who would be securing the servers. Basically, as security and hacking are increasing, there is a pressing need to bring…

    2

  2. DevOpsProject (Public)

    A repo made for students for DevOps Project / Bootcamp

    Python

  3. commandLineFu (Public)

    System Administration Command Lines

  4. DockerGoodies (Public)

    Docker goodies.

    HTML

  5. Awesome-Hacking (Public)

    Forked from Hack-with-Github/Awesome-Hacking

    A collection of various awesome lists for hackers, pentesters and security researchers