• Performing Vulnerability Assessment and Penetration Testing of Web Applications, both manually and using automated tools.
• Providing recommendations towards the mitigation of the found vulnerabilities.
• Making test plans for various products.
• Involved in publishing Security Bulletins for various company products.
• Hands-on knowledge of Data Center technologies
• Performed Vulnerability Assessment and Penetration Testing of Web Applications (Thick and Thin clients) and Web-Services, both manually and using automated tools.
• Provided recommendations towards the mitigation of the found vulnerabilities.
• Secure Code Review
• Threat Modeling
• Conducted Information Security Sessions within the organization
• Tools Used:
o Automated Tools: HP Web-Inspect, Nessus, Qualys Guard, Acunetix, IBM AppScan, Burp Suite Pro, OpenVAS
o Freeware Tools: Metasploit, W3af, OWASP-Zap, Fiddler, Dirbuster, Echo-Mirage, Soap-UI, Wireshark, Wapiti, Nmap, Netcat, Sqlmap, Sslstrip, Agent Ransack, Yasca, Findbugs, TestSSLServer tool, Sslyze, SpikeProxy, Microsoft Threat Modeling Tool and various Firefox security add-ons along with Kali Linux tools
• In-depth knowledge of OWASP top 10 and OSSTMM methodology
• In-depth knowledge of WASC Threat Classification
• Good understanding of OWASP Testing Guide and Secure Software Assurance (SSA) checklist for web application-security testing
• Good understanding of Threat Modeling
• Good understanding of OWASP based Secure Code Review
• Suggested a trust-based routing algorithm for AODV and DSR routing protocols in Mobile Ad-hoc Networks under Wormhole Attack during M.Tech thesis
• I have around 4+ years of experience in the Application and Network Security domain.