Penetration Tester Resume

San Jose, CA

SUMMARY

  • 8+ years of professional IT experience in application security testing, particularly focused on technical activities such as code review, vulnerability analysis, penetration testing, and secure application testing based on OWASP.
  • Real time experience in SQL Injection protection, XSS Protection, Script Injection and major hacking protection techniques.
  • Specialist in dealing with security tools such as Kali Linux, Wireshark, DirBuster, Nessus and IBM AppScan Enterprise.
  • Experience in different web application security testing tools like Burp Suite, SQLMap, OWASP ZAP Proxy, Nessus and Nmap.
  • Sound knowledge and industry experience in Vulnerability Assessment and Penetration Testing on WEB based Applications, Mobile based application and Infrastructure penetration testing.
  • Well-equipped knowledge in Open Web Application Security Project (OWASP TOP 10), Web Application Security Project (WASP).
  • Remarkable experience in manual penetration and application testing.
  • Profound knowledge of network architectures, operating systems, application software and cyber security tools.
  • Huge knowledge of managing information assurance evaluation tests.
  • Ability to exploit recognized vulnerabilities.
  • Broad knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.
  • Managed the cycle of project continuity, reviewed the technical work of team, and ensured the quality of service deliverables.
  • Experience in Threat Modelling during Requirement gathering and Design phases.
  • Performed software Licensing audit.
  • Experienced in developing Web Application Firewall signatures.
  • Having good experience in Secure SDLC and Source Code Analysis (Manual & Tools) on WEB based Applications.
  • Good team player with excellent analytical, inter-personal, communication & written skills, problem-solving and trouble-shooting capabilities. Highly motivated and can adapt to work in any new environment.
  • Conducted presentations to clients projecting the security services offered by the firm.

TECHNICAL SKILLS

  • Burp Suite, WebScarab, Wireshark, DirBuster
  • Windows, Unix, Kali Linux
  • MySQL, Oracle.
  • Java, JSP, Servlets and J2EE.

PROFESSIONAL EXPERIENCE

Penetration Tester

Confidential, San Jose CA

Responsibilities:

  • Manual penetration testing of the applications and APIs to identify the OWASP Top 10 vulnerabilities.
  • Training the development team on the secure coding practices.
  • Black box pen testing on internet and intranet facing applications.
  • OWASP Top 10 Issues identifications like SQLi, CSRF, and XSS.
  • Preparation of risk registry for the various projects in the client.
  • Providing details of the issues identified and the remediation plan to the stakeholders.
  • Grey Box testing of the applications.
  • Verified the existing controls for least privilege, separation of duties and job rotation.
  • Involved in a major merger activity of the company and provided insights in separation of different client data and securing PII.
  • Identification of different vulnerabilities of applications by using proxies like Burp Suite to verify the server-side validations.
  • Identified issues on session management, input validation, output encoding, logging, exceptions, cookie attributes, encryption, and privilege escalation.
  • Execute and craft different payloads to attack the system to execute XSS and different attacks.
  • SQLMap to dump the database data to the local folder.

Environment: SQLMap, XSS protection, script injection

Penetration Tester

Confidential, Bloomington, IL

Responsibilities:

  • Conducted application Penetration testing of 10+ business applications.
  • Conducted Vulnerability Assessment on various applications.
  • Acquainted with various approaches to Grey & Black box security testing.
  • Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, Authentication bypass, Weak Cryptography, Authentication flaws etc.
  • Conducted security assessment of PKI Enabled Applications.
  • Skilled in using Burp Suite, Nmap, and DirBuster for web application penetration tests.
  • Generated and presented reports on Security vulnerabilities to both internal and external customers.
  • Security assessment of online applications to identify the vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging.
  • Performing manual/automated application security testing on the major changes carried out in the application.
  • Vulnerability assessment of various web applications used in the organization using Burp Suite.
  • Training the development team on the most common vulnerabilities and common code review issues and explaining the remediation.
  • Follow up and ensure the closure of the raised vulnerabilities by revalidating and ensuring 100% Closure.
  • Documented information security guidance in step by step operational procedures.
  • Stayed up to date with new attack techniques and the latest vulnerabilities to ensure no such loopholes are present in the existing system.

Environment: Burp Suite, Nmap, DirBuster, XSS, SQL Injection, CSRF.

Penetration Tester

Confidential, Atlanta, GA

Responsibilities:

  • Performed manual application security testing on the everyday changes carried out in the application.
  • Performed Automation scanning and analysis on the applications on a monthly basis.
  • Uncovered high vulnerabilities at the infrastructure level for internet facing web sites.
  • Documented information security guidance in step by step operational procedures.
  • Performed static code reviews with the help of automation tools.
  • Network scanning using tools like Nmap and Nessus.
  • Initiative to streamline the access control mechanism of various applications.
  • Provided the development team with detailed reports based on the findings obtained from the manual and automated testing methodologies, also provide the necessary remedies for individual findings.
  • Attended meetings with development team to discuss the previously submitted reports on the findings to ensure that the fixes are made to those applications.
  • Performed a threat analysis on the new requirements and features.
  • Burp Suite, DirBuster, HP Fortify, and Nmap were used daily as part of the penetration testing to complete the assessments.

Environment: Nmap, Nessus, Burp Suite, DirBuster and HP Fortify

Security Test Engineer

Confidential

Responsibilities:

  • Identified attacks like SQLi, XSS, CSRF, RFI/LFI, logical issues.
  • Performed security implementation for authorization through controls like the principle of least privilege, relinquishing privilege when not in use, non-guessable tokens, and forced browsing.
  • Using various Firefox add-ons like Flagfox, Live HTTP Headers, and Tamper Data to perform the pen test.
  • Performed port scanning using network scanning tools like Nmap and Nessus.
  • Diagnosed and troubleshot UNIX and windows processing problems and applied solutions to increase client security.
  • Performing manual/automated application security testing on the major changes carried out in the application.
  • Guiding the developers in fixing the issues by simulating the attack.
  • Performing a threat analysis on the new requirements and features.
  • Taking Training session and spreading security awareness.