Kalyan
**********@*****.***
EXPERIENCE SUMMARY
• Experience in implementing security in every phase of the SDLC. Hands-on experience in application security, vulnerability assessments/penetration testing and OWASP, along with various security testing tools.
• 4+ years of experience in the IT industry, specialized in Information Security.
• Strong understanding of and experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and web application vulnerability assessments.
• Experience as an Information Security Analyst performing OWASP Top 10 based vulnerability assessments of various internet-facing point-of-sale web applications and web services.
• Work collaboratively with software engineers, operations, architects and data engineers to architect and streamline a secure self-service developer environment.
• Experience with web application security testing tools such as Qualys, Burp Suite, Sqlmap, OWASP ZAP, Contrast Security, HP Fortify and Nmap.
• As a Security Consultant, involved in enhancing the security posture of the project through initiatives such as threat modeling and security awareness sessions.
• Ability to conduct penetration testing for well-known technologies and known security flaw concepts (XSS, SQL injection, etc.).
• Identify PCI Data Security flaws present in the environment and fix the identified flaws.
• Good knowledge of the development and implementation of controls in alignment with NIST standards.
• Experience in code review for security vulnerabilities and threats.
• Understanding of common cryptographic algorithms and protocols, including their weaknesses and attacks against them.
• Expertise in mobile platform security technology and best practices.
• Conducts thorough security testing of developer workflows and mobile applications (for both iPhone and Android platforms), identifying security issues and vulnerabilities.
• Experience with common software vulnerabilities, such as the OWASP Top 10.
• Simulate how an attacker would exploit DDoS attacks, phishing, web and application attacks, and malware.
• Excellent team player, enthusiastic initiator, with the ability to learn fundamental concepts effectively and efficiently.
• Good knowledge of programming and scripting in Python, .NET and Java.
• Ability to work in large and small teams as well as independently.
Core expertise:
• Risk Management
• Vulnerability Assessments
• Application and Network Monitoring
• Penetration Testing
• System Hardening
• Application and Automation Testing
TECHNICAL SKILLS
Security Technologies: HP WebInspect, IBM Security AppScan Standard, IBM Security AppScan Source, Burp Suite, Fortify, DirBuster, OWASP ZAP Proxy, Fiddler, Nmap, Nessus, Qualys, QRadar
Anti-Virus Tools: Norton, Symantec, Ghost, etc.
CI/CD Pipeline: Jenkins, CircleCI, GitLab
Networking: LANs, VPNs, Wireshark, Routers, Firewalls, TCP/IP
Software: .NET, Python scripting, ASP.NET MVC, Java, HTTP, HTML
Framework: AngularJS, Bootstrap
PROFESSIONAL EXPERIENCE
Dr. Reddy's Laboratory, Mar 2019 to present
Web Application Penetration Tester / DevOps Security, Information Security
Part of an AVA testing and vulnerability analysis program within the Security organization, coordinating with and assisting different application teams in securely architecting and operating their offerings by aligning to the client's industry-standard methodologies, compliance, and privacy requirements.
• Identified vulnerabilities, recommended corrective measures, and ensured the adequacy of existing information security controls.
• Performed onsite and remote security consulting, including penetration testing, application testing with Dynamic Application Security Testing (DAST), web application security assessment, manual testing, social engineering and wireless assessment.
• Analyze security findings, including risk analysis and root cause analysis.
• Experience in application security testing for SQL injection, XSS, authentication, authorization and data security vulnerabilities.
• Working with the Ops team to apply security patches according to CVE standards.
• Using Kali Linux and other tools to exploit security issues.
• Assess software security by performing security testing and participating in code review.
• Experience with Nessus and Qualys vulnerability assessment for hosted applications.
• Experience with architectural diagrams and threat modeling across the layers of the system that different teams work on.
• Using Postman collections to verify security issues with the Burp Suite tool.
• Working on OWASP Top 10 critical vulnerabilities, following security standards, and testing against all OWASP Top 10 categories.
• Using Splunk to find sensitive data in URLs, such as credit card numbers and SSNs.
• Configured and used the Postman tool for REST API testing using HTTP methods.
• Performed penetration testing and web application security assessment.
• Performed testing on external-facing systems, including firewall bypass, user enumeration and credential exploitation.
• Secured password policies and generated reports to identify accounts with password vulnerabilities.
• Experience in static code analysis and scheduled scans for web applications, providing accurate results and vulnerabilities across client, server and network.
• Experience and knowledge in writing JavaScript.
• Handle LDAP users to grant privileges for working with the application server team.
• Experience and knowledge in using Fiddler to capture website traffic in order to exploit issues.
• Work with the DevOps team to integrate a SAST tool into the unified CI/CD pipeline.
• Used Splunk to verify and monitor log analysis and retention, integrated with the Burp Suite tool.
• Generated and presented reports on security vulnerabilities to both internal and external customers.
• Generate comprehensive reports, including detailed findings, exploitation procedures and mitigations, and deliver walkthroughs, proofs of concept (PoCs) and formal presentations.
Environment: HP Fortify, Burp Suite, HCL AppScan, IBM AppScan, WebInspect, Kali Linux, Nmap, OWASP ZAP Proxy, Qualys, Python, JavaScript, SQL
Progressive Infotech Services, Apr 2018 to Mar 2019
Application Security/Pen Testing
IT Security Analyst and Automation Engineer
• Manual testing and Automated testing (Web Application Scanner).
• Real-time Analysis and defense.
• Black box pen testing on internet- and intranet-facing applications.
• Vulnerability assessment (VA), security policy, and network and security audit.
• Working on penetration testing fixes with the security teams.
• Used Veracode for application testing to find vulnerabilities and perform scanning.
• Baseline analysis of the client's network and fixing weaknesses in the network infrastructure to protect it.
• Educated business unit managers, the IT development team, and the user community about risks and security controls.
• Prepared detailed practices and procedures on technical processes.
• Conducted evaluations of intranets and firewalls on a regular basis.
• OWASP Top 10 Framework.
Environment: IBM Security AppScan Standard, IBM Security AppScan Source, Burp Suite, Load Balancers, DirBuster, Nmap, Veracode, Nessus, Windows 8.1, Windows 10.
EDUCATIONAL QUALIFICATIONS:
Bachelor's in Computers from Nagarjuna University in 2018, Hyderabad [Kalyan Krishna]