Shashidar reddy

Penetration Tester | Application Security Engineer

Hyderabad 2+ yrs exp 85 · Excellent

About

Penetration Tester with 2+ years of hands-on experience performing security assessments across web applications, APIs, mobile applications, and network infrastructure. Skilled in identifying and validating vulnerabilities, conducting penetration testing, documenting technical findings, and supporting remediation efforts with development and security teams. Experienced with OWASP Top 10 standard and security validation across enterprise environments.

Skills & Expertise (26)

REST API Testing Intermediate

8.5/10

Years Exp

OWASP Testing Methodology Intermediate

8.5/10

Years Exp

SQL Injection Intermediate

8.2/10

Years Exp

Postman Intermediate

8.0/10

Years Exp

Kali Linux Intermediate

8.0/10

Years Exp

Nmap Intermediate

8.0/10

Years Exp

WIRESHARK Intermediate

8.0/10

Years Exp

Nessus Professional Intermediate

8.0/10

Years Exp

SQLmap Intermediate

8.0/10

Years Exp

Metasploit Framework Intermediate

8.0/10

Years Exp

Burp Suite Professional Intermediate

8.0/10

Years Exp

Vulnerability Assessment Intermediate

8.0/10

Years Exp

Soap API Testing Intermediate

7.8/10

Years Exp

service enumeration Intermediate

7.5/10

Years Exp

Port Scanning Intermediate

7.5/10

Years Exp

Network Reconnaissance Intermediate

7.5/10

Years Exp

Android Security Testing Intermediate

7.5/10

Years Exp

Hydra Intermediate

7.5/10

Years Exp

OAuth Intermediate

7.5/10

Years Exp

JWT Intermediate

7.5/10

Years Exp

Dynamic analysis Intermediate

7.0/10

Years Exp

Static analysis Intermediate

7.0/10

Years Exp

CVSS Intermediate

7.0/10

Years Exp

CVE Intermediate

7.0/10

Years Exp

Windows Server Intermediate

7.0/10

Years Exp

Virtual Machines Intermediate

7.0/10

Years Exp

Work Experience

Security Consultant

Smartclues Technologies LLP

Mar 2024 - Present

Conducted vulnerability assessment and penetration testing across web applications, APIs, mobile applications (Android), and network environments for banking, healthcare, and enterprise clients. Performed manual web application security testing based on OWASP Top 10, identifying vulnerabilities such as SQL Injection, XSS, SSRF, IDOR, CSRF, and authentication/authorization issues. Executed REST and SOAP API security assessments to identify authentication flaws, Broken Object Level Authorization, Broken Object Property Level Authorization, Broken Function Level Authorization, excessive data exposure, injection risks, and token-related weaknesses. Performed Android application security assessment, SSL pinning bypass, insecure storage analysis, and reverse engineering. Conducted network security assessments using tools such as Nmap, Nessus, and Wireshark to identify exposed services, weak configurations, and potential attack paths. Prepared detailed technical and executive security reports with proof-of-concept evidence, risk ratings, business impact, and remediation recommendations. Worked with development and infrastructure teams to validate fixes, perform retesting, and ensure security issues were resolved before final closure. Managed vulnerability scanning activities, including authenticated scan setup, result analysis, false positive validation, and troubleshooting scan coverage issues. Contributed to improving internal testing methodologies, checklists, and assessment workflows to enhance consistency and delivery quality.