
Venkatakirana S

Overland Park, KS

Summary

  • Dedicated and certified Ethical Hacker with a dynamic 2-year journey, specializing in delivering comprehensive Penetration Testing and DevSecOps services across diverse sectors, including enterprise, industrial, finance, and government. Backed by 4 years of bug bounty expertise.
  • Demonstrates proficiency in conducting various penetration tests, encompassing Web Application, Android & iOS, API, and Network Penetration Testing, as well as Thick Client Application Pentesting. Displays adaptability to diverse technological domains.
  • Adept at conducting penetration testing for web apps, mobile applications, and APIs based on industry-recognized standards (OWASP Top 10 and SANS Top 25), ensuring adherence to best practices.
  • Expert in standalone Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and SCA scans for pre-production builds and applications in the development phase, effectively minimizing vulnerabilities.
  • Possesses advanced knowledge in modern application structures and associated vulnerabilities, consistently identifying critical severity issues within contemporary applications.
  • Showcases expertise in crafting sophisticated payloads and creating advanced attack surfaces within modern applications, contributing to a comprehensive understanding of security vulnerabilities.
  • Demonstrates excellent proficiency in AWS application security and cloud auditing, ensuring secure cloud deployments and enhancing overall cloud security measures.
  • Skillful in conducting false positive and false negative analysis for automated scan reports, ensuring the accuracy of findings and optimizing the vulnerability assessment process.
  • Proficient in using Burp Suite for comprehensive web application security testing, leveraging its functionalities to uncover vulnerabilities and ensure application resilience.
  • Displays adept understanding of functional exploits and bypass techniques, navigating complex security scenarios effectively.
  • Demonstrates advanced networking knowledge, encompassing OSI layers, subnetting, ports, and protocols. Expertise in an extensive array of security tools, including SonarQube, OWASP Dependency Checker, Metasploit, Wireshark, Nmap, Sqlmap, Postman, and more.
  • Strong background in Information Security, Infrastructure, and Network Management. Proven expertise in supporting, monitoring, and managing Security Information and Event Management (SIEM) environments. Proficient in administration, analytics development, and incident analysis, bolstering enterprise security and data protection measures.

Overview

3 years of professional experience
1 Certification

Work History

Freelance Bug Bounty Hunter

HackerOne, Bugcrowd, RDP Programs
08.2020 - Current
  • Performing Web Application penetration testing on programs
  • Performing API penetration testing

Cyber Security Engineer

Qualitest Private Ltd
02.2021 - 08.2022
  • Identified and designed test cases for modern security vulnerabilities, transforming them into security control services for clients.
  • Conducted Web Application Penetration Testing for numerous client applications, discovering critical vulnerabilities, including privilege escalation, authentication bypass, stored XSS, buffer overflows, bulk information disclosure, CSRF, SSRF, etc.
  • Created detailed reports containing steps to reproduce issues, POCs, and mitigation strategies for remediation.
  • Provided remediation consulting services to clients based on security issues identified during penetration testing.
  • Conducted Android & iOS Application Penetration Testing, uncovering critical vulnerabilities such as account takeover, information disclosure, insecure data storage, insecure logs, authentication bypass, and various session issues. Reported findings with detailed mitigations.
  • Identified various scenarios for testing APIs during API penetration testing, designing detailed test cases for each scenario, and discovering vulnerabilities in APIs.
  • Performed standalone Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) scans for client applications. Conducted false positive and false negative analyses for automated reports.
  • Conducted cloud auditing based on CIS Benchmarks.
  • Designed and implemented tooling and automation for application security (e.g., SAST/DAST in CI/CD).
  • Conducted retesting on client applications to verify the proper application of mitigations, identified advanced bypass methods, and suggested fixes for bypass.
  • Delivered specialized training for teammates on web application and mobile application penetration testing using various tools and manual approaches.
  • Conducted webinars for internal team on modern vulnerabilities and advanced WAF bypass methods.
  • Planned, executed, and managed projects, contributing to committees or teamwork.
  • Created policies and procedures for emerging security technologies and proposals.
  • Developed security metrics and technical analyses to provide insight into performance and trends.
  • Developed, implemented, and documented security programs and policies, monitoring compliance across departments.
  • Validated and verified system security requirements definitions and analyzed system security designs.

Education

Master of Science - Cyber Security

University of Central Missouri
Warrensburg, MO
12.2023

Bachelor of Science - Computer Science And Engineering

Visvesvaraya Technological University
India
08.2020

Skills

  • Pen Testing Tools: Burp Suite, Checkmarx SAST, Red Team, HP Fortify, IBM AppScan, OWASP ZAP, Nmap, Kali Linux, Postman
  • Web Application: Burp Suite, Qualys, Netsparker, IBM AppScan, Acunetix, OWASP, Nmap, DirBuster, many tools with one-liners (DAST, SAST and SCA)
  • Network: Nmap, Qualys, Nessus, Metasploit, Nipper, Wireshark, soluble, Tcpdump
  • Mobile: Mobile Security Framework (MobSF), Genymotion, ADB shell, Frida, Objection, Drozer, Apktool, Quark, Inspeckage and Xposed
  • API: Postman, SoapUI, Burp Suite, Docker
  • DevSecOps: Checkmarx, Veracode, SonarQube, OWASP Dependency-Check
  • Services/Network Protocols: HTTP, HTTPS, DNS, DHCP, FTP, SMTP, ARP, TCP/IP, ICMP, tracert, ifconfig, ipconfig
  • Developing security plans

Certification

  • Certified Ethical Hacker (CEH), ECC3248605197, EC-Council
  • ELearning Fundamentals Developer Security, VERACODE
  • Verified Team Security Champion, VERACODE
  • Verified Continuous Security Champion, VERACODE

Accomplishments

  • Recognized as one of the best employees in the team for consistently delivering exceptional performance.
  • Discovered a critical authentication bypass vulnerability in a client application using Microsoft services, earning appreciation from Microsoft.
  • Successfully identified 90% of critical and high-severity vulnerabilities in every project undertaken.
  • Developed an advanced test case document for conducting penetration testing on web, mobile, API, and thick client applications, offering the document as a service to clients.
  • Promoted to the position of Senior Cyber Security Engineer within one year.
  • Integral part of every penetration testing project, consistently uncovering numerous critical vulnerabilities.
  • Acknowledged in the Hall of Fame at Indeed, recognizing outstanding contributions.
  • Acknowledged in the Hall of Fame at Masqt for notable achievements.
  • Received appreciation and bounty from Linode for contributions to security.
  • Received appreciation and bounty from Aptible for contributions to security.
  • Recognized in the Hall of Fame at Vista for outstanding security contributions.
  • Received swags and appreciations from various organizations in recognition of expertise and contributions.
