I am a professional penetration tester / ethical hacker / IT Security Expert , I have been performing vulnerability assessment and penetration testing for local / international clients from around the world delivering according to the current industry standards and best methodologies (OWASP TOP 10, SANS TOP 25, CWE, OSSTMM, PTES etc.)
My personal expertise include complete Kernel level security audit for all known buffer overflow and brute force vulnerabilities/exploits & application level fuzzing/penetrating testing for all known/unknown & possible exploits/vulnerabilities.
Expertise in Monitoring and analyzing Intrusion Detection Systems (IDS) to identify security issues and Investigate suspicious security event activity through IDS (Snort, Bro) in the IT Infrastructure.
Testing Web Applications with Open Web Application Security Project and Enabling OWASP Application Security Verification Standard.
Create, modify, and update IDS and Security Information Event Management ( OSSIM ) tool rules.
Web Pen Tools: HP Web Inspect, IBM Rational Appscan, Burp Suite, Paros, Web Scarab, CURL, Wireshark, Acunetix, Qyalys Nessus, Shavlik, App-detective, Kali Linux tools.
Monitoring: Nagios, munin, zabbix, zenoss.
Network IDS: Snort, Bro, Suricata.
Host IDS: Ossec, Tripwire.
Network Mangement: NMIS.
SIEM: Alienvault OSSIM.
Vulnerability Assessment:OpenVAS, Nessus, OSSEC.
Professional Network and Web Penetration Testing:
Web Application/SaaS Security Testing and Defense.
a. XSS Cross-site scripting attacks
b. CSRF Cross-Site Request Forgery attacks
c. SQLi Advanced SQL injection attacks (MySQL & MsSQL Blind/error based/without error)
d. LFI Local File