Tek06704

Automation Test - 4+ Years


BCA - Computer Science

Highlights

  • Currently working as a Cyber Security Analyst, having 4.7 (relevant) years of technical and quality-based experience in Web Application and Network Penetration Testing.

  • Over time, I have gained profound knowledge of application security and performed Vulnerability Assessment and Penetration Testing for many internal and external clients of different domains.

  • Maintain a positive attitude in the face of changes in work assignments or conditions, and have good interpersonal skills and zeal to learn new things.


Skills
Primary Skills
  • Burp Suite
  • OWASP

Secondary Skills
  • API Testing
  • JUnit
  • Wappalyzer
  • ZAP
Other Skills
  • Standards: OWASP / SANS Inst
  • Web Applications/Services Security Assessment Tools: Burp Suite, OWASP Top 10, ZAP, Wappalyzer, Cookies Manager, sqlmap etc.
  • Network Security Assessment Tools: Nmap, Metasploit, Wireshark, Hydra, SSLScan, sqlmap, dnsmap etc.
  • Web Client Technologies: HTML, JavaScript, Linux Scripting
  • Operating Systems: Windows XP/7/8, Ubuntu, Kali Linux, Mac
  • Monitoring Tools/Sniffers: Wireshark, Ettercap
  • Languages/Technologies: Basics of HTML, JavaScript
  • Web Application Servers: Apache, Nginx Windows
  • Database Servers: Knowledge in MySQL, Apache.
Projects

Project 1: CYBER SECURITY ANALYST - IT Industry (56 months)


    • Application Security Assessment based on OWASP standards on internal and external applications, covering Authentication, Authorization, Input Validation, Cryptography, Business Logic, Session Management and Configuration.

    • Performing tool-based security assessment followed by manual validation of reported findings to remove false positives.

    • Scanned the application for web vulnerabilities using OWASP ZAP, Burp Suite, IBM AppScan.

    • Documentation of all testing methods and results including impact, remediation and recommendation for identified vulnerabilities.

    • Performing SAST on internal repositories using the Checkmarx tool.

    • Analysing and following up on removing the false positives from Checkmarx & SonarQube with internal developers.

    • Providing necessary recommendations for the findings if possible.

    • Creating secure coding guidelines and procedures that can be shared with development teams, which help teams write code in a more secure manner.

    • Performing DAST on REST & SOAP web services.

    • Co-ordination between Client & Internal Team.

    • Assisting the development team to patch the vulnerabilities.


Awards

Certifications

Certified Ethical Hacker.