POOJA MADHAV PAKA
***************@*****.***
PROFESSIONAL SUMMARY:
An IT security professional with 4+ years of experience in performing penetration tests and vulnerability assessments on various applications and domains.
Broad knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.
Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, Authentication bypass, weak cryptography, authentication flaws.
Experience using a wide variety of security tools, including Kali Linux, Wireshark, Snort, Nikto, AppScan, Nessus, OpenVAS, BeEF, and Maltego.
Experience with scheduling firewall policy provisioning and user interaction to identify connectivity related issues.
Experience in different web application security testing tools like Metasploit, Burp Suite, sqlmap, OWASP ZAP Proxy, Nessus, Nmap.
Sound knowledge and industry experience in vulnerability assessment and penetration testing on web-based applications, mobile-based applications, and infrastructure.
Capable of identifying flaws like injection, XSS, insecure direct object references, security misconfiguration, sensitive data exposure, function-level access control, CSRF, unvalidated redirects.
As a Security Consultant involved in enhancing the security stature of the project by initiatives like Threat modeling, security awareness sessions.
Knowledge in Windows/Linux operating system configuration, utilities, and programming.
Excellent team player, enthusiastic initiator, and ability to learn the fundamental concepts effectively and efficiently.
Performed software licensing audit.
Good experience in Secure SDLC and Source Code Analysis (manual and tools) on web-based applications.
TECHNICAL SKILLS:
Penetration Testing Tools: Burp Suite, Metasploit, OWASP ZAP Proxy, sqlmap, DirBuster, Nessus, Social Engineering Toolkit (SET), AppScan, Netcat, Aescript, nslookup, WHOIS lookup, BeEF, PowerSploit, Public key encryption, Steganography, Packet generator, Websploit, Brute force, Exploit Database, WAFW00F, TryHackMe, Bounty, SourceForge (LOIC & HOIC), CVSS, Responder, MAC address lookup, OSRFramework, Recon-ng, theHarvester (OSINT), Sublist3r, ExifTool.
Network Analysis Tools: Nmap/Nmap Scripting Engine (NSE), Wireshark, OpenVAS, Snort
Vulnerability Scanning: Nessus, OpenVAS, Nikto
Web Application Security: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF)
Password Cracking Tools: Hydra, John the Ripper
Network Enumeration: Maltego, LDAP
Wireless Security Tools: Aircrack-NG Suite
WORK EXPERIENCE:
DXC Technology, Hyderabad, INDIA Nov 2021 - Oct 2023
Cyber Security Engineer
Responsibilities:
• Conducted 50+ penetration tests across web applications and networks, identifying critical vulnerabilities and mitigating risks, safeguarding sensitive client data.
• Prevented data breaches by identifying and remediating flaws in an e-commerce platform, securing over 10,000 customer records and payment data.
• Enhanced testing efficiency by implementing a peer-review process for penetration testing reports, improving quality by 20%.
• Led comprehensive client debriefs, presenting actionable solutions to mitigate vulnerabilities.
• Skilled in tools like Kali Linux, Metasploit, Nmap, Burp Suite, Nessus, and sqlmap for infrastructure and application testing.
• Conducted security awareness sessions, enhancing team proficiency in secure development practices.
• Knowledge in Windows/Linux operating system configuration, utilities, and programming.
• We utilized advanced tools for exploiting Active Directory Domain Controller, Burp Suite Pro for web application assessments, and Nessus Expert for network scanning.
• To enhance the accuracy and quality of our deliverables, I initiated and implemented a comprehensive peer review process for penetration test reports.
• Performed functional testing of security solutions like RSA two-factor authentication and Exploit Database.
• Performing onsite and remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.
Certified in CompTIA Security+.
Infiniminds Private Limited (Wipro), Bangalore, INDIA Jul 2019 – Aug 2021
Penetration Tester
Responsibilities:
• Capturing and analyzing network traffic at all layers of the OSI model.
• Monitored the security of critical systems (e.g., e-mail servers, database servers, web servers, application servers).
• Conducted network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities, and develop remediation plans and security procedures.
• Identified the Critical, High, Medium, and Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritized them based on criticality.
• Planned, conducted, and reported vulnerability and risk assessments of applications. Explained the risk associated with each vulnerability to the project team for better understanding, guiding the team towards closure/remediation.
• Performed Active Directory domain controller (ADDC) installation and configuration; created organizations and departments, added users to groups, added groups as members of other groups, and provided access to users.
• Cloud computing: installation and configuration of WampServer; created groups, accounts, and folders.
Education:
Jawaharlal Nehru Technological University, Hyderabad, India March 2019
Bachelor's in Electronics and Communication Engineering