DevSecOpsCloud Security ResearchProduct SecurityPenetration Testing

● Secure Code Review, Penetration Testing and Application Security.● API security and Security Architecture Review of Financial Company.● Development of proprietary secure code scanner with minimum false positives.● Development of small tools/scripts to automate and enhance the quality of SAST and DAST process.

● Web Application Pentesting- Found critical vulnerabilities lying in various categories of web applications(Banking, e-commerce,Payment Gateways), suggested the developers remediations as per the OWASP standard.● Mobile Application Pentesting- Performed Static and Dynamic assessment of Android and IOS mobile applications.● Source Code Review- Performed Scanning and false positive removal review of source codes of different applications using HP Fortify.- Meetings with vendors to ensure that the secure development practice is followed and issues get patched at the design phase of the application.● Network Penetration testing- Scanned for vulnerabilities in the network, identifying the exploit, compiling the buffer overflow exploitPOC code, privilege escalation and post exploitation.● S-SDLC implementation and Network Architecture Review against Security Best Practices.- Threat Modelling, Secure Design Review, implementing strong cryptography solutions.● IOT devices pentesting- Mapping attack surface and reconnaissance- Dumping firmware and modification- Binary analysis of ARM architecture and exploitation of buffer overflow vulnerability.- Getting root shell of the firmware by connecting to hardware interfaces like JTAG, UART, Nand flash.- BLE exploitation.● Red Team Operation execution- Strategy, planning the attack design, incident response and post mortem of red team operation.

● Interacting​ ​with​ ​the​ ​client​ ​to​ ​discuss​ ​further​ ​effort​ ​estimation​ ​on​ ​the​ ​basis​ ​of​ ​available​ ​number​ ​of applications.● Web/Mobile​ ​Application​ ​Security​ ​Assessment​ ​of​ ​Banking​ ​application​ ​of​ ​top​ ​bank​ ​of​ ​Switzerland.● Thick​ ​Client​ ​Application​ ​testing​ ​of​ ​banking​ ​application.

-VAPT of Telecom Network(EPC & IMS), AppSec ,Architecture Review, Protocol Fuzz Testing(GTP, SIP, SCTP, S1AP, X2AP) -Auditing & Hardening of linux nodes, DDoS mitigation techniques. -Automation using shell and python scripting, JAVA development -CPE security testing.-Implementation of snort, splunk, netsweeper, arbor.-Tools- Metasploit, Acunetix, Nmap, Nessus, Ollydbg, gdb, Sysinternals.

Android Pentesting and botnet research, Web Application Security, Developing Mobile Applications, Wireless security.