Expert Penetration Tester for web applications
Industry Level Experience:
Conduct security code reviews and penetration testing, and consult with product development teams to secure financial and telecom applications.
1. Web Application PT
- Working on multiple platforms such as Windows and Linux, and web technologies such as .NET and Java.
2. Mobile Application PT for Android, iOS, and Windows.
- Working on multiple technologies such as Java, .NET, and Objective-C.
3. Ability to analyse root causes and deliver strategic recommendations during security reviews.
4. Adhering to best practices and aligning with the customer's security requirements for project execution, documentation, and reporting.
University Level Experience:
1. Penetration testing on a client's website and on the Fedora 14 operating system.
• Performed risk assessment and control design on the operating system, database, and web server, and control implementation (hardening of the OS, database, and web server).
• Completed a capture-the-flag exercise on the client's website, provided by the university, by performing a full website penetration test.
2. Penetration testing on the Metasploitable Linux virtual machine using BackTrack 5 R3.
• Performed penetration testing on the target and wrote a detailed report on the PT covering functions such as host enumeration, service enumeration and fingerprinting, vulnerability scanning, vulnerability exploitation, and privilege escalation.
3. Implementing an Information Security Management System (ISMS) for the client provided by the university.
• Developing an ISMS scope, ISMS policy, Risk Assessment (RA) methodology, RA report, Risk Treatment Plan, and Security Awareness Training program.
4. Testing for web application vulnerabilities in the WebGoat (vulnerable) environment.
5. Testing for system security vulnerabilities on a vulnerable system provided by the university.
6. Solving the cryptography and PKI challenge provided by the university.