Docker, Kubernetes and Blue Prism
Knowledge on Risk Management,
Secure program Development.
Cleared my CISM Certification.
Moved out from CISCO Systems
Security Enthusiast, Speaker and Penetration Testing Engineer with 7 years of experience in handling Vulnerability Assessment and Penetration Testing on Web Applications, Mobile Applications, APIs, Networks, Wireless Security and thick clients. Experience in PHP and WordPress Development. Delivered talks in multiple Conferences, Workshops, Chapter meets and Webinars covering 5000+ members. Reported Critical Vulnerabilities in more than 25 Government websites leaking sensitive information of users and helped them to patch them. Experienced professional in handling SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), End to End Product Security Operations and Penetration Testing. Good Knowledge on Software Defined Radio (SDR) Exploitation, Radio Frequency Identification Devices (RFID) and FRID tags.
● Offensive Security Certified Professional (OSCP)
● Certified Information Security Manager (CISM)
● Certified Ethical Hacker (CEHv9)
● EC-Council Certified Security Analyst (ECSAv9)
● Synack Red Team Member (SRT)
Working as Product Security Engineer in CISCO Systems from March 2016, handling Vulnerability Assessment and Penetration Testing for more than 60 unique applications.
Leading a Team of 2 Members, scheduling Security Assessments and responsible for Security Delivery.
Good knowledge on various Security standards, methodologies and compliances like OWASP TOP 10, SANS 25, PTES, OSSTMM, PCI-DSS.
Experience in performing application security assessments and Penetration Testing on Web Applications, Mobile Applications, APIs and Web Sockets.
Interact with Internal Development teams and help them with bug fixing.
Had good experience on Vulnerability Assessment, Penetration Testing, SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools.
Perform Vulnerability Assessment and Penetration Testing on Web Applications, WAP Portals, APIs and Mobile Applications periodically and help dev teams to fix the issues.
Provide Security Trainings to Internal Development Teams on secure coding to avoid vulnerabilities.
Good knowledge on exploiting RFID and NFC devices.
Interact with third party Security Firms and revalidate the issues raised by them on products.
Knowledge on PHP Development and used to develop dashboards for tracking vulnerabilities raised in Manual and Automated Assessments.
Created a Checklist for Web Application Pentest covering more than 100 Vulnerabilities and execute them while penetration testing along with OWASP TOP 10.
Designed a Security Score card and released it as Open Source, where any company can evaluate the score of their product, which generates a rating automatically.
Developed a dashboard for tracking all the Vulnerabilities raised in the Vulnerability Assessment and Penetration Testing, bug fixing and scheduling the periodical scans.
Acunetix, QualysGuard, BurpSuite Pro,
IBM AppScan, Tenable Nessus, Veracode
OWASP ZAP, IronWASP, SSLLabs, MobSF, WPScan,
Nikto, SQLMap, OpenVAS, Vega Subgraph
Metasploit Framework, Santoku OS, BurpSuite Pro,
Xposed Framework, Xenotix, Hackbar, Hydra
Nmap, Zenmap, Wappalyzer, Exploit DB,
Sparta Tool, Maltego
Dirbuster, Recon-ng, Sublist3r
ApkTool, Dex2Jar, JD-GUI
● Mobile Spyware
● Mobile Ransomware
● Panel Discussion Member
● Real Time Cyber Attacks & Preventive Measures
● Web Application Attacks
● Mobile Ransomware
● Secure SDLC in Product Based Companies
● Mobile Application Security Tools & Methodologies
● Exploiting API Security Flaws in Mobile Apps
● Mobile Application Penetration Testing
● Demo on Exploiting Mobile Application Flaws
● Implementing Security Automation (DevSecOps)
● Introduction: Career in Cyber Security for noobs
● Penetration Testing Methodologies and Tools
● Bypassing Web Application Firewall