Vulnerability assessment and penetration tester

12/2018 – 12/2018

• Familiar with various approaches to Grey & Black box security testing.
• Finding effective ways of manipulating the vulnerable domains of the systems.
• Maintaining high level of security of the information that is crucial for the business growth of the organization.
• Utilized common security tools dynamic and static analysis to evaluate the security of target systems and applications.
• Experience in finding - SQL injection, XML injection, techniques to obtain command prompts on the servers, PDF exploits, HTTP response splitting attacks, LFI, RFI, CSRF and web services like XML/SOAP and API vulnerabilities using various tools (commercial and open source).
• Exploited the logic flow of web application and recommend mitigation to the findings.
• Identified issues on sessions management, Input validations, output encoding, Logging, Exceptions, Cookie attributes, Encryption, Privilege escalations.
• Good Experience in exploiting the recognized vulnerabilities in web applications.
• Performed, reviewed and analyzed security vulnerability data to identify applicability and false positives.
• Used CVSS Scores to create reports demonstrating the severity of the existing vulnerabilities and was helpful to prioritize the course of implementation depending on the severity of the vulnerabilities.
• Participated in the development of IT risk assessments for enterprise applications.
• Remediation planning and implementation.

Cyber Security

12/2018 – 12/2018

• Familiar with various approaches to Grey & Black box security testing.
• Finding effective ways of manipulating the vulnerable domains of the systems.
• Maintaining high level of security of the information that is crucial for the business growth of the organization.
• Utilized common security tools dynamic and static analysis to evaluate the security of target systems and applications.
• Experience in finding - SQL injection, XML injection, techniques to obtain command prompts on the servers, PDF exploits, HTTP response splitting attacks, LFI, RFI, CSRF and web services like XML/SOAP and API vulnerabilities using various tools (commercial and open source).
• Exploited the logic flow of web application and recommend mitigation to the findings.
• Identified issues on sessions management, Input validations, output encoding, Logging, Exceptions, Cookie attributes, Encryption, Privilege escalations.
• Good Experience in exploiting the recognized vulnerabilities in web applications.
• Performed, reviewed and analyzed security vulnerability data to identify applicability and false positives.
• Used CVSS Scores to create reports demonstrating the severity of the existing vulnerabilities and was helpful to prioritize the course of implementation depending on the severity of the vulnerabilities.
• Participated in the development of IT risk assessments for enterprise applications.
• Remediation planning and implementation.

Cyber Security