SULMAN FAROOQ S
Penetration Tester
Dubai, United Arab Emirates 25314 | +971********* | ***************@*****.*** | LinkedIn: https://www.linkedin.com/in/sulman-farooq-s-369013181/ | WWW: https://medium.com/@sulmanfarooq531

Professional Summary
Experienced penetration tester with a proven track record of identifying vulnerabilities and performing penetration tests on a wide range of systems, networks, and applications. Proficient in modern hacking techniques, security best practices, and regulatory compliance standards. Adept at working independently or collaboratively to identify and resolve security issues effectively.

Technical Skills
• Web App and API security testing
• Network and AD Security Testing
• Mobile Application Security Testing
• AI Penetration Testing
• Cloud and Wireless Security Testing
• Container Security Testing
• Thick Client Security Testing
• SAST and DAST
• Network Mapper, Nessus, Rapid 7
• Burp Suite, OWASP ZAP, Fiddler
• MSF, Exploit database, SQL Map
• Echo Mirage, CFF explorer, DIE, String
• Wireshark, Network Miner
• Social Engineering
• Executive Reporting
• Scripting languages

Work History
Penetration Tester, Aujas Cyber Security
Bangalore (Remote), Mar 2024 - Current
• Work as a penetration tester for the client AMDOCS, conducting manual and automated penetration testing to identify and exploit vulnerabilities in clients' systems and networks, leveraging tools and techniques to assess security posture.
• Perform application security assessments across diverse platforms, including web, mobile, cloud, IoT, APIs, and O365 applications, as well as thick client penetration testing to identify potential security vulnerabilities.
• Conduct vulnerability assessments, encompassing overall infrastructure to uncover and address security flaws.
• Analyze identified risks and define prevention and mitigation controls to remediate application and network vulnerabilities effectively.
• Utilize JIRA for agile project management and tracking security issues, ensuring seamless communication and timely resolution of vulnerabilities.
• Participate in internal private bug bounty programs conducted by clients, reviewing reported issues, validating findings, and providing rewards to researchers for their contributions to improving security.

Security Consultant L1, HTC Global Services
Chennai, Feb 2022 - Dec 2023
• Conduct manual and automated penetration testing to identify and exploit vulnerabilities in clients' systems and networks.
• Perform different types of application security assessments as needed; this involves application penetration testing, network penetration testing, attack surface evaluation, threat modelling and security design reviews.
• Perform manual penetration testing of applications using appropriate tools and techniques to uncover critical security vulnerabilities in the software, the infrastructure, the configuration and business logic.
• Perform risk analysis and define prevention and mitigation controls for application vulnerabilities.
• Explain all vulnerabilities and weaknesses in the OWASP Top 10 and discuss effective defensive techniques.
• Provide mitigation strategies for applications from infrastructure, architecture and secure coding perspectives.
• Utilize application security scanning tools, interpret reports and validate identified vulnerabilities and associated risks.

Cyber Security Trainer, Fiverr
India, Aug 2021 - Feb 2022
• Delivered over 20 comprehensive training sessions on network security, web application security, and ethical hacking through Fiverr, educating 50+ college and school students on essential cybersecurity principles.
• Designed and administered 20+ practical exams and assessments, achieving an average participant success rate of 85%, showcasing effective knowledge transfer in a freelance training setup.
• Mentored groups of 5-10 participants per session, simplifying complex cybersecurity concepts and addressing technical queries, resulting in a 90% satisfaction rate in Fiverr client reviews and post-training feedback.
• Conducted workshops and seminars attended by various participants, raising public cybersecurity awareness and promoting best practices to mitigate exposure to emerging threats.

Education
B Tech: IT Cyber Security and Forensics
Hindustan Institute of Technology And Science, Chennai, India
Aug 2017 - May 2021

Certifications
Certified Ethical Hacker Master, May 2024
Certified Ethical Hacker Practical, May 2024
Certified Ethical Hacker V12, Feb 2024
Certified APPSEC Practitioner, Jan 2024
IBM Cyber Security and Forensics, Jun 2021

Accomplishments
• Indian Government Site: Exposure of sensitive data through a publicly accessible Google Spreadsheet; the NCIIPC team noticed and fixed the issue. https://rupnagar.punjabpolice.gov.in
• Servify Responsible Disclosure: Sensitive Information Disclosure; Servify noticed and resolved the issue, leading to an induction into the Hall of Fame. https://servify.in/security-hall-of-fame

Publications
• Part 1: Uncovering Parameter Tampering: https://medium.com/@sulmanfarooq531/uncovering-a-parameter-tampering-vulnerability-in-event-expo-ticketing-system-89fc52e26414
• Uncovering Blind SQL Injection: https://medium.com/@sulmanfarooq531/uncovering-a-blind-sql-injection-vulnerability-6227996917be
• Bypassing OTP Authentication: A Case Study in Account Takeover: https://medium.com/@sulmanfarooq531/bypassing-otp-authentication-a-case-study-in-account-takeover-f3af42824901
• Unveiling OAuth Vulnerabilities: Exploring Account Access Without Email Verification: https://medium.com/@sulmanfarooq531/unveiling-oauth-vulnerabilities-exploring-account-access-without-email-verification-d36762361df7
• Unmasking the Danger: Open Redirection via Referer Header: https://medium.com/@sulmanfarooq531/unmasking-the-danger-open-redirection-via-referer-header-a527ab4e7be1
• How to hack someone nearby your area: https://medium.com/@sulmanfarooq531/how-to-hack-reconnaissance-someone-nearby-your-area-e8504b9e6cdd
• Uncovering Sensitive Data on a Government Website using Google Dorks: https://medium.com/@sulmanfarooq531/exposing-hidden-risks-uncovering-sensitive-data-on-a-government-website-using-google-dorks-51748e4f3695
• Part 2: Uncovering a Critical Parameter Tampering Vulnerability on an OTT Platform: https://medium.com/@sulmanfarooq531/uncovering-a-critical-parameter-tampering-vulnerability-on-a-major-ott-platform-e3342cd3437c
• How I Found an IDOR Vulnerability in an App and What You Can Learn From It: https://medium.com/@sulmanfarooq531/how-i-found-an-idor-vulnerability-in-a-local-news-app-and-what-you-can-learn-from-it-0b02a2ab91d5
• From Directory Traversal to Full Account Takeover: https://medium.com/@sulmanfarooq531/from-directory-traversal-to-full-account-takeover-a-researchers-journey-150044cbf109