
SAI KUMAR MUNDLAPUDI

Jersey City, Connecticut

Summary

Dynamic InfoSec professional with 4+ years of work experience and a Master's degree in Information Assurance. Strong experience in web application security: web application vulnerability assessments and penetration testing.

Ability to conduct penetration testing for well-known technologies and known security flaw concepts (SQL injection, XML injection, XSS, CSRF, IDOR, Path Traversal, etc.)

Experienced in testing client-server applications and web-based applications using both manual and automated testing tools.
Experience in information security policies, network security design and implementation.
Experienced in vulnerability assessment and penetration testing using various tools such as Burp Suite, OWASP ZAP Proxy, Nmap, Nessus, Qualysguard, OpenVAS, Nexpose, Wireshark, DirBuster, w3af, Havij, Maltego, Foca, Colasoft, Nikto web scanner, HTTrack, WebScarab, sqlmap, etc.


Strong experience in using VAPT tools on the Kali Linux platform, such as the Metasploit Framework and Armitage.

Strong experience in assessing and mitigating OWASP Top 10 critical risks.
Good understanding of vulnerability scanning, patching techniques, OS hardening, NIST, and CIS benchmark creation.

Experienced working with simulators and emulators, and in cross-browser testing on Firefox, Google Chrome, Safari, and Internet Explorer using proxy management tools such as FireSheep and FoxyProxy.

Strong understanding of control objectives and PCI DSS compliance requirements (payment card industry data security).

Overview

5 years of professional experience

Work History

Security Consultant

RX WORLD PHARMACY SUPPLIES
New York, NY
01.2024 - Current
  • I understood the workings of the application and prepared a threat profile.
  • Performed automated scanning on the application using a confidential tool.
  • Verified the vulnerabilities identified by the tool by performing manual testing on the mobile application.
  • Tested for content provider leakage and use of implicit intents.
  • Prepared a report about the findings and action items to fix the identified vulnerabilities.
  • I volunteered and helped in the courses delivered by NotSoSecure.
  • I participated in the bug bounty programs hosted by HackerOne and Bugcrowd.
  • I captured the flags on the vulnerable machines hosted online, like Vulnhub and Pentestit.
  • I self-trained on buffer overflow attacks and their variations, like egg hunting and Structured Exception Handler (SEH) bypass.

Security Analyst

NTT DATA Services
Hyderabad, Telangana
08.2019 - 08.2022
  • I developed an Application Security program (DAST and SAST) at the enterprise level to identify, report, and remediate security vulnerabilities from applications deployed in DEV, PRE-PROD, and PROD environments.
  • Reviewed source code (Java, J2EE, Spring, FTL, JavaScript) and developed security filters within IBM AppScan for critical applications.
  • Managed security assessments to ensure compliance with the firm's security standards (i.e., OWASP Top 10, SANS 25). Specifically, security testing has been performed to identify XML External Entity (XXE), Cross-Site Scripting, and SQL Injection-related attacks within the code.
  • Developed a threat modeling framework (STRIDE, DREAD) for critical applications to identify potential threats during the design phase of applications.
  • I implemented file system security by applying hashing techniques for protecting data stored in files on the file servers.
  • I rolled out IBM AppScan products, such as AppScan Enterprise (ASE), Standard, Source, and Developer plug-ins, to various development teams across the business.
  • Worked extensively with software development teams to review the source code, triage the security vulnerabilities generated by IBM AppScan, BurpSuite, HP WebInspect, and HP Fortify, and eliminate false positives.
  • Generated executive summary reports showing the security assessment results, recommendations, and risk mitigation plans, and presented them to the respective business sponsors and senior management.
  • Worked with DevOps teams to automate security scanning into the build process.
  • Reviewed Android and iOS mobile source code manually and recommended code fixes.
  • Participated in the proof of concept (POC) in implementing Arxan application protection software for mobile apps.
  • Analyzed security incidents originating from various network and application monitoring devices (e.g., Symantec Vontu DLP) and coordinated with engineering teams for tracking and problem escalation, including remediation.
  • I performed the penetration testing of mobile (Android and iOS) applications, specifically APK reverse engineering, traffic analysis and manipulation, and dynamic runtime analysis.

Education

Business Analytics

University of New Haven
West Haven, CT
05-2024

Skills

  • Threat detection
  • Quality assurance
  • Expert in web application penetration testing
  • IT risk management
  • Employee security training
  • Blockchain security

Timeline

Security Consultant

RX WORLD PHARMACY SUPPLIES
01.2024 - Current

Security Analyst

NTT DATA Services
08.2019 - 08.2022

Business Analytics

University of New Haven