HITESH MISTRY
ASSOCIATE CONSULTANT
P +91-830******* E ada8sr@r.postjobfree.com A A-108, R3, Life Republic, Marunji, Pune (411057)
OBJECTIVE
Extremely motivated to constantly develop my skills and grow professionally. I am confident in my ability to come up with interesting ideas for improvising my work.
EDUCATION
ASM’s ICS (Pune), Master of Computer Application (MCA) - 2015
Percentage: 66%
KEY SKILLS
• WEB APPLICATION PENETRATION TESTING
• MOBILE APPLICATION PENETRATION TESTING
• NETWORK PENETRATION TESTING
AWARDS
• EMPLOYEE OF THE MONTH
• LEADERSHIP AWARD
• BEST PERFORMER AWARD
EXPERIENCE
ASSOCIATE CONSULTANT
Infosys Pvt. Ltd. July 2019 – Present
• Application scanning using Burp Suite.
SECURITY CONSULTANT – L2
Security Brigade Oct 2016 – July 2019
• Conducted security testing on the Web application, Mobile application, Thick Client and Web services.
• Proficient in identifying various critical vulnerabilities like SQL Injection, XSS attack, response splitting, session hijacking, authentication bypass, authorization, authentication flaws, remote & local file inclusion and also, business logic vulnerabilities.
• Tested more than 100+ web and mobile applications detecting critical and non-critical bugs.
• Discussed and explained existing vulnerabilities in applications to application owners and developers to mitigate them effectively.
• Conducted reviews of various other aspects of applications like Server Hardening, Configuration Review, Thick client application testing, Vulnerability Assessment and Penetration Testing.
• Worked in various banking projects related to testing of their payment applications.
• Additional job roles include team management, conducting L2 approvals and report approval of team members.
• Worked with various HTTP tools like Burp Proxy, Fiddler, ZAP Proxy, IronWASP, etc.
WEB AND MOBILE APPLICATION SECURITY TOOLS
• HTTP interception tools like Burp Suite Pro, Fiddler.
• Social Engineering or Password generation / cracking tools such as Hydra, Ncrack, Crunch.
• Web application Vulnerability Scanning tools such as Acunetix, AppScan.
• Web Penetration tools like sqlmap, Nikto, Metasploit, etc.
• Mobile application Security and Penetration Testing using MobSF, Frida, etc.
NETWORK SECURITY TOOLS
• Network Scanning tools such as Nessus, Nmap, Nexpose; Network Sniffing tools such as Wireshark.
NETWORK PROTOCOLS
• Configuration and Implementation of routing protocols.
• Knowledge of different networking protocols like TCP, UDP, FTP, TFTP, SSH, SNMP, DHCP, NTP, SIP, RSTP, RDP, DNS, etc.
CERTIFICATIONS AND AWARDS
• CEH (Certified Ethical Hacker) – EC-Council.
• ECSA (Certified Security Analyst) – EC-Council.
• Rewarded by Casper Security Team via HackerOne.