
Web Application Penetration Testing/Vulnerability/Security Tester Resume

Reston, VA

PROFESSIONAL SUMMARY:

  • An IT security professional with 8+ years of expertise in penetration testing and vulnerability assessments of applications across different domains.
  • Experience in implementing security in every phase of the SDLC. Excellent knowledge of the OWASP Top 10 2010 and WASC Threat Classification 2.0 methodologies.
  • Broad knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.
  • Proficient in understanding application-level vulnerabilities such as XSS, SQL injection, CSRF, authentication bypass, weak cryptography and authentication flaws.
  • Experience using a wide variety of security tools including Kali Linux, Wireshark, L0phtCrack, Snort, Cain and Abel, Nikto, DirBuster, IBM AppScan, Nessus, OpenVAS, w3af, BeEF, Ettercap and Maltego.
  • Experience with scheduling firewall policy provisioning and user interaction to identify connectivity-related issues.
  • Experience with web application security testing tools such as Acunetix, Metasploit, Burp Suite, sqlmap, OWASP ZAP Proxy, Nessus, Nmap and HP Fortify.
  • Sound knowledge and industry experience in vulnerability assessment and penetration testing of web-based applications, mobile applications and infrastructure.
  • Extensive experience working with QualysGuard to conduct network security assessments.
  • Capable of identifying flaws such as injection, XSS, insecure direct object references, security misconfiguration, sensitive data exposure, missing function-level access control, CSRF and unvalidated redirects.
  • As a security consultant, involved in enhancing the security posture of the project through initiatives such as threat modeling and security awareness sessions.
  • Excellent programming skills in JavaScript, Python scripting and Ruby.
  • Knowledge of Windows/Linux operating system configuration, utilities and programming.
  • Hands-on experience working with LAN and WAN topologies, the TCP/IP protocol suite, routers, switches, and firewalls in Internet, intranet and extranet environments.
  • Excellent team player and enthusiastic initiator, with the ability to learn fundamental concepts effectively and efficiently.
  • Performed software licensing audits.
  • Good experience in secure SDLC and source code analysis (manual and tool-based) of web-based applications.

TECHNICAL SKILLS:

Tools: IBM AppScan Standard Edition, HP WebInspect, Acunetix, Burp Proxy, Paros Proxy, Wireshark, OWASP WebScarab, Nmap, Metasploit, Burp Suite, sqlmap, OWASP ZAP Proxy, HP Fortify, DirBuster, Acunetix Web Scanner, SQL injection tools, Havij, CSRFTester, Kali Linux, Veracode, WebGoat, SSL implementation, RSA implementation, PKI (Public Key Infrastructure), encryption algorithms

Platforms: Windows 98/2000/XP/Vista/Windows 7, Windows Server 2000/2003/2008

Database: MySQL 5.0

Packages: MS Office

Network Tools: Nmap, Wireshark, Nessus, QualysGuard

Network Enumeration: Maltego, Google hacking, DNS, SMB, LDAP.

Port/Vulnerability Scanning: Nmap/Nmap Scripting Engine (NSE), Netcat, Nessus

Sniffing/Man-in-the-Middle: Wireshark, Ettercap, Cain

Web Application Vulnerability Scanning: Nessus, OpenVAS, Vega, Acunetix, HP WebInspect, IBM AppScan.

Server/Client-Side Exploitation: Metasploit, Social Engineering Toolkit (SET).

Password Cracking: Hydra, RainbowCrack, ophcrack, John the Ripper, Pyrit

Web Application: Manual SQL injection, manual cross-site scripting (XSS), cross-site request forgery (CSRF), sqlmap

Debuggers: OllyDbg, WinDbg.

Wireless: Aircrack-ng suite and Kismet

WORK EXPERIENCE:

Confidential, Reston, VA

Web Application Penetration Testing/Vulnerability/Security Tester

Responsibilities:

  • Conducted application penetration testing of 50+ business applications.
  • Conducted vulnerability assessments of web applications.
  • Performed functional testing of security solutions such as RSA two-factor authentication, Novell single sign-on, DLP and SIEM.
  • Worked on various business development activities such as drafting responses to RFPs and preparing SOW documents.
  • Acquainted with various approaches to grey-box and black-box security testing.
  • Proficient in understanding application-level vulnerabilities such as XSS, SQL injection, CSRF, authentication bypass, cryptographic attacks and authentication flaws.
  • Conducted security assessments of PKI-enabled applications.
  • Skilled in using Burp Suite, Acunetix automatic scanner, Nmap, DirBuster, QualysGuard, Qualys VM and WAS, Nessus and sqlmap for web application penetration tests and infrastructure testing.
  • Performing onsite and remote security consulting including penetration testing, application testing, web application security assessment, onsite Internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.
  • Capturing and analyzing network traffic at all layers of the OSI model.
  • Monitoring the security of critical systems (e.g. e-mail servers, database servers, web servers, application servers, etc.).
  • Change management of highly sensitive computer security controls to ensure appropriate system administrative actions; investigating and reporting on noted irregularities.
  • Conducting network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Identifying critical, high, medium and low vulnerabilities in applications based on the OWASP Top 10 and SANS 25, and prioritizing them by criticality.
  • This experience has enabled me to find and address security issues effectively, implement new technologies and efficiently resolve security problems. With a strong background in network communications, systems and application (software) security, I look forward to implementing, creating, managing and maintaining information security frameworks for large-scale, challenging environments.

Confidential, Simpsonville, SC

Web Application Penetration Testing/Vulnerability/Security Tester

Responsibilities:

  • Performed security research, analysis and design for all client computing systems and the network infrastructure.
  • Security assessment of online applications to identify vulnerabilities in categories such as input and data validation, authentication, authorization, and auditing and logging.
  • Vulnerability assessment of various web applications used in the organization using Paros Proxy, Burp Suite, WebScarab, YASCA and HP WebInspect.
  • Coordinated with the development team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and the impact of each issue.
  • Security testing of APIs using SoapUI.
  • Experience in using Kali Linux for web application assessment with tools such as DirBuster, Nikto and Nmap.
  • Good knowledge of IBM AppScan to enhance web application security.
  • User ID reconciliation on a quarterly basis.
  • Kept up to date with new attacks and the latest vulnerabilities to ensure no such loopholes are present in the existing system.
  • Threat modeling of the project, getting involved before development to improve security at the initial phase.
  • STRIDE assessment of the applications during the design phase, identifying the possible threats and providing security requirements.
  • Training the development team on the most common vulnerabilities and common code review issues and explaining the remediation.
  • Good knowledge of programming and scripting in .NET and Java.
  • Followed up on and ensured the closure of raised vulnerabilities by revalidating them, ensuring 100% closure.
  • Good experience with web technologies such as HTTP, HTML, CSS, forms and database connectivity.

Confidential, Charlotte, NC

Web Application Penetration Testing/Vulnerability/Security Tester

Responsibilities:

  • Conducted application penetration testing of 10+ business applications.
  • Conducted vulnerability assessments of various applications.
  • Acquainted with various approaches to grey-box and black-box security testing.
  • Proficient in understanding application-level vulnerabilities such as XSS, SQL injection, CSRF, authentication bypass, weak cryptography and authentication flaws.
  • Conducted security assessments of PKI-enabled applications.
  • Skilled in using Burp Suite, Acunetix automatic scanner, Nmap, Havij and DirBuster for web application penetration tests.
  • Generated and presented reports on security vulnerabilities to both internal and external customers.
  • Security assessment of online applications to identify vulnerabilities in categories such as input and data validation, authentication, authorization, and auditing and logging.
  • Vulnerability assessment of various web applications used in the organization using Paros Proxy, Burp Suite, WebScarab, YASCA and HP WebInspect.
  • Training the development team on the most common vulnerabilities and common code review issues and explaining the remediation.
  • Followed up on and ensured the closure of raised vulnerabilities by revalidating them, ensuring 100% closure.
  • Kept up to date with new attacks and the latest vulnerabilities to ensure no such loopholes are present in the existing system.

Confidential, Woodbridge, VA

Web Application Penetration Testing/Vulnerability/Security Tester

Responsibilities:

  • Planning, conducting and reporting vulnerability and risk assessments of applications. Explained the risk associated with each vulnerability to the project team for better understanding, and guided the project team towards its closure/remediation.
  • Performed vulnerability testing, application security, database security and penetration testing against various technologies such as Ajax, Flash and web services.
  • Identification of injection, business logic, authentication, session management and related flaws in applications, describing attack scenarios and the associated risk to the business.
  • Providing preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy.
  • Assisting customers in understanding the risk and threat level associated with a vulnerability, so that the customer can decide whether or not to accept the risk with respect to business criticality.
  • Assisting in reviews of business solution architectures from a security point of view, which helps avoid security-related issues/threats at an early stage of the project.
  • Ensuring compliance with legal and regulatory requirements.

Confidential

Jr. Security Engineer

Responsibilities:

  • Perform threat modeling of applications to identify threats.
  • Identify issues in web applications in various categories such as cryptography and exception management.
  • Risk assessment of applications by identifying issues and prioritizing them based on risk level.
  • Within the team, the main focus of work was auditing applications prior to their move to production.
  • Explaining security requirements to the design team in the initial stages of the SDLC to minimize the effort of reworking issues identified during penetration tests.
  • Providing remediation guidance to developers based on the issues identified.
  • Revalidating issues to ensure closure of the vulnerabilities.
  • Verifying whether the application has implemented basic security mechanisms such as job rotation, privilege escalation, least privilege and defense in depth.
  • Using various Mozilla Firefox add-ons to assess the application, such as Wappalyzer, Flagfox, Live HTTP Headers and Tamper Data.
