Karan Sasan is a Senior Software Engineer based in Surrey, BC, with a decade-plus of professional experience and seven years of focused engineering roles across cloud, security, and platform teams. He has led teams and architected reliable systems at Microsoft, Salesforce, Intuit, SAP and PocketPills—reducing integration time from weeks to hours, redesigning monoliths into modular architectures, and delivering a patent-backed cloud data encryption layer. A pragmatic security-minded engineer, Karan leads the OWASP VulnerableApp project and contributes to the widely used ZAP proxy, demonstrating deep hands-on expertise in web-app vulnerabilities and scan filter enhancements. He built PKI tooling at Salesforce to issue short- and long-lived certificates and guided cross-functional teams through critical migrations. Comfortable shipping backend services, architecting integrations, and mentoring engineers, he blends production-grade security practices with measurable reliability and efficiency gains. Beyond typical engineering work, he co-runs open-source security efforts and is building VinTin-ai, signaling an interest in AI and applied security tooling.
7 years of coding experience
9 years of employment as a software developer
Bachelor's Degree Computer Science, Bachelor's Degree Computer Science at Thapar Institute of Engineering & Technology
High School Science (Non Medical), High School Science (Non Medical) at Nosegay Public School
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
Role in this project:
Back-end Developer
Contributions:13 releases, 427 reviews, 855 commits in 3 years 4 months
Contributions summary:Karan primarily contributed to the development of the application's backend, specifically focusing on implementing and modifying vulnerabilities related to XSS, URL Redirection, and Command Injection. The user demonstrated a strong understanding of security best practices and added levels of protection against these vulnerabilities. The changes involve code related to handling HTTP requests, parsing data from user input, and integrating with various security mechanisms to prevent exploitation.
Contributions:58 reviews, 59 commits, 16 PRs in 1 year 10 months
Contributions summary:Karan contributed code to the ZAP by Checkmarx Core project, which focuses on web application security. The commits show the user adding and modifying Java code, specifically related to scan filters for URLs and tags. This involved making changes to classes like `URLPatternScanFilter`, `TagScanFilter`, and `GenericFilterUtilityTest`, indicating a focus on improving the scanning capabilities of the ZAP proxy. Furthermore, the user made changes in the `ActiveScanController` to incorporate scan filters.
owasp-zapzap-developmentsecuritydastowasp
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Karan Sasan - Senior Software Engineer at Microsoft