About
Over 3 years of experience in security assessments: Vulnerability Assessment and Penetration Testing (Web Application, Mobile Application, API, Network, Cloud). Hands-on experience with both automated and manual testing tools. Performed application penetration testing for various clients. Assisting in the review of business solution architectures from a security point of view, which helps avoid security-related issues and threats at an early stage of the project. Experience in running scans on source code files using Veracode and verifying vulnerabilities to eliminate false positives. Good knowledge of SAST and DAST. Skilled in using various tools for web application penetration tests, such as Burp Suite, OWASP ZAP, Veracode, Wireshark, Nmap, Nessus, Work Audit Bench, Fortify, Acunetix. Ability to perform secure code review, Penetration Testing (Web, Mobile, API, Network) and Vulnerability Assessment. Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, authentication bypass, weak cryptography, Session Management, etc. Performed Web Application Security / Penetration Testing in accordance with OWASP standards and SANS guidelines, using manual techniques and automation tools. Skilled in executing OWASP Top 10 test cases. Good knowledge of Cloud Security with Jenkins. Conducted application architecture reviews for a few projects. Publishing monthly dashboards and following up on closure of vulnerabilities. Executing test cases, reviewing results, and working with the development team to remediate open issues. Reporting the identified issues in the industry-standard framework. Ability to build good relationships with clients, operational managers and colleagues.
Skills & Expertise (36)
Work Experience
Analyst
Teleperformance Pvt Ltd
Aug 2023 - Present
Conducted web application penetration testing on business applications. Conducted vulnerability assessments using web application vulnerability scanners and manual penetration testing. Performed infrastructure security assessments by analyzing networks, enumerating services on hosts and identifying vulnerabilities. Exploited identified vulnerabilities in network hosts using existing exploits or manual methodologies. Performed manual web application penetration testing using Burp Suite. Performed application security assessments using automated scanners like WebInspect and AppScan. Used web application vulnerability scanners like WebInspect and Veracode to perform automated testing. I am proficient in identifying application-level vulnerabilities like XSS, SQL Injection, CSRF, IDOR, Authentication & Authorization bypass and Cryptographic flaws, etc. Removed false positives by analyzing the results from automated scanners. Performed security checks for cloud environments.
Education
B Tech - Sree Chaitanya Institute of Technological Sciences
- 2022 · Afghanistan