Analytical and professional Security Consultant with 3 years of experience in manual and automated Vulnerability Assessments of Web Applications and Web Services. Motivated and eager to advance my career with a unique mix of high-level technology direction, growth-oriented, technically-advanced organization.
Have hands-on experience in testing application security on OWASP Pen testing methodology, attack vectors in web applications.
Planning and analyzing the security testing scope based on requirements and providing best security practices to the development teams.
Expertise in performing Vulnerability assessments through manual testing by finding the business logic related flaws in Web Applications.
Performing risk assessment and creating reports for the same.
Understanding new concepts & conducting information security evaluation for new projects manually and through automated tools.
Identify Security Vulnerabilities and articulate the business risks to stakeholders for one of the major clients.
Hands-on experience in testing application security as per the guidelines/requirements from OWASP.
Sufficient insight on Critical Vulnerabilities such as XSS, CSRF, SQL, and other custom vulnerabilities like Account compromise through various ways and RCE through exposed Apache Tomcat login Interface, etc., in the applications.
Performed numerous (150+) Web Applications, Web Services Security Testing.
Able to analyze the root cause of the vulnerability and deliver strategic recommendations during security review.
Understood basics of Mobile Application security testing and Source Code Review.
Performed vulnerability assessments to ensure proper security measures are being taken for the Applications and backend APIs.
Worked on applications belonging to different domains comprising healthcare, banking, credit card, HR, e-commerce, and various PCI-DSS compliant applications.
Experienced in manual testing for web APIs as well as the business logic testing.
Experience in report read-out calls with clients and managed the cycle of project continuity for numerous clients.
Performed automated black-box web application assessments using commercial (HCL AppScan, Nmap & AppSpider) and Burp Suite accompanied with manual penetration testing.
Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, session hijacking, Authentication bypass, Authorization flaws etc.
Good knowledge of common industry frameworks and standards like OWASP, SANS, NIST etc.
Good knowledge of all latest OWASP vulnerabilities and attack vectors.
Worked on a number of Web Application Penetration testing projects mainly in e-commerce, Banking and finance etc.
API Security Assessment for REST and SOAP APIs
HTML 5, CSS3
Limited Working Proficiency
Java, JavaScript
Limited Working Proficiency
Burp Suite
IBM AppScan
Netsparker
Nikto
SOAP UI
Postman
SSLyze
TestSSL
Metasploit
Kali Linux
Ubuntu