DEVESH BHATT
Security Engineer
Experience Highlights
• 2 years of experience in Application Security and Network security.
• Audited 70+ web applications in the areas of Banking, Finance, Healthcare and
eCommerce, as well as several thick clients.
• Experience in testing the security of online banking, online trading and insurance
applications.
• Received over 90 hours of training in Application security testing, and over 40
hours of training in network penetration testing.
• Have audited several platforms like Windows 2000, Windows 2003, Solaris, Oracle and HP Unix,
and databases and servers like IBM and Apache HTTP Server and SQL Server 2000/2005.
Education Summary
• Bachelor of Engineering in Electronics and Telecommunication in 2007
• Intermediate with 74% from CBSE board.
• High school with 89% from CBSE board.
Professional Experience
Company : Paladion, Mumbai
Designation : Application Security Engineer
Duration : August 2007 – June 2008
Key projects at Paladion:
1. Application Security assessment of various applications of a leading bank
Description: The scope of this assignment was to conduct an assessment of the various applications of the bank. The scope included conducting application security audits (both thin and thick clients), penetration tests, providing mitigation, re-assessment of the application after the mitigations were implemented, presentation and replay of vulnerabilities in front of internal teams, and preparation of RA reports which calculated the enterprise risk level.
Contribution:
• Application security audit of live Internet Banking applications (both India and abroad)
• Application security audit of an online trading application
• Application security audit of health and life insurance applications
• Application security audit of various thick client applications, including HR, CRM, Java applet based and J2RE applications
• Application security audit of other critical and non-critical web applications, including ASP, ASP.NET, VB and Java applications
Client: ICICI Bank
2. Application security of a critical banking application and server hardening
Description: The scope of this assignment was to conduct the hardening of several critical servers, including TANDEM, along with a vulnerability assessment of BASE24 (which runs on Tandem) and report preparation.
Contribution:
• Application security audit of a critical thick client application
• Vulnerability assessment of Windows, Solaris and Guardian servers
• Proper hardening of the above mentioned servers
• Application security assessment of the critical BASE24 application that runs on TANDEM and hardening of the same
Client: STATE BANK OF INDIA
Other short term assignments
• Penetration testing of EXIM BANK’s critical server.
• Vulnerability assessment of SBI’s different platforms like Windows, HP Unix, Solaris and Unix, and databases and servers like SQL Server 2005, IBM HTTP Server and Oracle.
Company : KPMG, Mumbai
Designation : Analyst
Duration : June 2008 – Till date
Key projects at KPMG:
1. Application Security assessment of various applications of a leading software company
Description: The scope of this assignment was to conduct an assessment of the FLEXCUBE application. The scope included conducting application security audits, penetration tests, providing mitigation, re-assessment of the application after the mitigations were implemented, presentation and replay of vulnerabilities in front of internal teams, and preparation of RA reports which calculated the enterprise risk level.
Contribution: Application security audit of a critical internet banking application (FLEXCUBE), developing a threat profile and writing test cases.
Client: IFLEX
2. Application and Network Security assessment of a leading Software company
Description: The scope of this assignment was to conduct an assessment of a critical portal application and the UMBRACO Content Management System (CMS).
Contribution:
• Application security audit of the critical portal application, developing a threat profile and writing test cases
• Review of Umbraco, which found product level bugs
Client: PATNI
3. Application and Network Security assessment of a leading Global Bank
Description: The scope of this assignment was to conduct an assessment of a critical banking application.
Contribution:
• Penetration testing of the bank’s IP
• Assessment of vulnerabilities using several commercial and freeware tools
• Timely completion and generation of the report
Client: ROYAL BANK OF SCOTLAND
4. IT General Controls testing of a leading private sector bank of India
Description: The scope of this assignment was to conduct IT General Controls testing of a leading private sector bank of India.
Contribution:
• Assessment of common processes like IT networks, system and database administration, Windows Active Directory, physical access and the backup process
• Covering areas like Access to Program and Data, Program Changes, New Program Development and Computer Operations
Client: ICICI Bank
5. IT General Controls and Application Controls testing of a leading private Pharmaceutical Company
Description: The scope of this assignment was to conduct IT General Controls testing and Application Controls testing of a leading private Pharmaceutical Company.
Contribution:
• Assessment of common processes like IT networks, system and database administration, Windows Active Directory, physical access and the backup process
• Covering areas like Access to Program and Data, Program Changes, New Program Development and Computer Operations
Client: PFIZER
6. IT Configuration Review and Business Continuity and Contingency Planning review of a leading service provider company
Description: The scope of this assignment was to conduct an IT Configuration and BCCP review.
Contribution:
• Assessment of the existing IT procurement process
• Assessment of the existing IT infrastructure, budgeting process and staffing
• Assessment of the Business Continuity and Contingency plan
• Suggesting remediation thereafter
Client: BLUE DART
7. Application and Network Security assessment of a leading Global Bank
Description: The scope of this assignment was to conduct an assessment of the various applications of the bank and the IVR phone banking system. The scope included conducting application security audits, penetration tests, providing mitigation, re-assessment of the application after the mitigations were implemented, presentation and replay of vulnerabilities in front of internal teams, and preparation of RA reports which calculated the enterprise risk level.
Contribution:
• Application security audit of the IVR phone banking system using tools like Sivus, Sipscan and SIP Proxy
• Application security audit of Nortel’s CCMS product
• Report generation and discussions with the client
• Mitigation suggestions and retesting
Client: Barclays Bank
8. Application and Network Security assessment of a leading Public Sector bank
Description: The scope of this assignment was to conduct an assessment of the various thick client applications of the bank. The scope included conducting application security audits, penetration tests, providing mitigation, re-assessment of the application after the mitigations were implemented, presentation and replay of vulnerabilities in front of internal teams, and preparation of RA reports which calculated the enterprise risk level.
Contribution:
• Application security audit of the thick clients of the bank (MFUND, FOS, DSS) using tools like Echo Mirage, Regmon and Filemon
• Vulnerability assessment of the various servers of the bank
• Penetration testing of the live website of the bank
• Report generation and discussions with the client
• Mitigation suggestions and retesting
Client: UTI Mutual Fund
ACHIEVEMENTS
• School topper and second position in district in class 10th boards.
• All India merit certificate by CBSE in 10th.
• Finalist in the skit competition in 2nd year and winner of the same in 3rd and final year in college.
• Winner of the chess tournament organized in college in 2006.
PERSONAL DETAILS
NAME: DEVESH BHATT
DATE OF BIRTH: 11 April 1985
CURRENT ADDRESS: 306, Panchvati, Panchshristi Towers, near SM Shetty School, Powai, Mumbai, Maharashtra. Pin: 400072
PERMANENT ADDRESS: S/O S.N Bhatt, GIC Link Road, Pithoragarh, Uttarakhand. Pin: 262501
MOB. NO.: 983-***-****
EMAIL: *************@*****.***