DPTSI Penetration Testing

September 1, 2025

Security-tested 20 web applications. Found hundreds of small-to-medium and several high-to-critical level vulnerabilities, such as Database Leak (SQLi) and Gained Admin Access (Broken Access Control).

Utilized both automated (with tools like Nmap, sqlmap, Nessus, Nikto, Dirsearch and more) and manual OWASP pentest methods (with tools like Burp Suite and OWASP ZAP [for reconnaissance and spidering]) on both the network and application sides.

Since the nature of this particular internship project is very secretive, here are some screenshots of high-to-critical vulnerability findings that I found during the internship:

Web Defacement

Web defacement: Found a web defacement of Slot Gacor.

Pentest DB Leak

Database Leak: A SQLi vulnerability was found using a combination of sqlmap and Burp Suite.

Pentest Broken Access Control

Broken Access Control: Able to change role to admin and change data using Burp Suite.

Session Hijack

Session Hijack: Able to steal a cookie with stored XSS and Netcat.

WordPress Plugin Vulnerabilities

WordPress Plugin Vulnerabilities: Found WordPress vulnerabilities with a WordPress security scanner.

Reports

Reports: The above image shows all the PDF reports that I made while pentesting 20 web apps.