Ashhad Ali

Application Security Analyst @ Bank AL Habib Limited
Pakistan
Ashhad Ali's Location
Karāchi, Sindh, Pakistan
About Ashhad Ali

Introduction

With over 3 years of experience as a Security Engineer, I specialize in comprehensive vulnerability assessments and penetration testing for various systems, including web applications, networks, and mobile apps. My expertise involves identifying, prioritizing, and remediating critical security vulnerabilities using advanced tools like Metasploit, Burp Suite, OWASP ZAP, SQLmap, Nessus, and Nuclei.

Summary

Throughout my career, I have discovered and addressed over 30 high-severity vulnerabilities, including SQL injection, information disclosure, IDOR, and application-level DDoS threats, and rectified more than 20 medium-severity vulnerabilities, such as CSRF, broken authentication, and 2FA bypass. My meticulous documentation of findings provides actionable insights and remediation strategies.

I have consistently updated and implemented secure software development policies, delivering presentations on secure coding practices to development teams. My proficiency extends to testing web-based APIs and mobile applications, including SSL pinning bypass and iOS jailbreaking. I have conducted thorough source code reviews for applications developed using Node.js, Angular, and PHP, providing recommendations for improving code quality and security practices.

Collaboration is key in my approach, as I work closely with IT and cross-functional teams to enhance the overall security posture of organizations. My experience includes utilizing Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools, deploying containers via CI/CD pipeline tools like GitHub Actions, GitLab Pipelines, Jenkins, Terraform, and AWS security measures.

My bug bounty hunting experience has further honed my skills, allowing me to successfully identify over 200+ vulnerabilities ranging from critical to medium severity. I have participated in challenges at portswigger.net labs, hackthebox machines, and Capture The Flag (CTF) competitions, demonstrating my proficiency in scripting languages such as Python and Bash.

I am well-versed in industry-standard frameworks such as OWASP, CWE, CVE, ATT&CK, NIST, and ISO 27001. I have conducted in-depth application security risk assessments across diverse projects, resulting in the successful identification and remediation of over 150+ vulnerabilities. My collaboration with security architects and the software team has ensured adherence to established security standards and protocols.

Ashhad Ali's Current Company Details
Bank AL Habib Limited

Application Security Analyst
Pakistan
Website: bankalhabib.com
Employees: 11432
Ashhad Ali Work Experience Details
  • Bank Al Habib Limited
    Application Security Analyst
    Bank Al Habib Limited
    Pakistan
  • Carecloud
    VAPT
    Carecloud Oct 2023 - Present
    Pakistan
    Performed penetration testing and vulnerability assessments on web applications, networks, and mobile apps using advanced tools. Discovered and remediated high-severity vulnerabilities like SQL injection, IDOR, and application-level DDoS threats, along with medium-severity issues such as CSRF and broken authentication. Documented detailed reports outlining vulnerabilities, their impacts, and recommended mitigation strategies. Updated and implemented secure software development policies, ensuring adherence to secure coding standards and educating development teams. Conducted source code reviews for applications developed in Node.js, Angular, and PHP, identifying vulnerabilities and suggesting security improvements. Collaborated with IT teams to share security insights, coordinate response efforts, and implement security measures. Utilized SAST and DAST tools, deployed containers via CI/CD pipelines, and addressed security incidents, including AWS S3 bucket issues.
  • Independent
    Independent Security Researcher
    Independent Aug 2020 - Present
    Sindh, Pakistan
    Identifying security vulnerabilities and weaknesses in web applications, software, and systems. Conducting thorough security assessments, including penetration testing and vulnerability analysis. Participating in bug bounty programs to uncover and report security flaws. Employing manual and automated testing techniques to identify potential exploits and vulnerabilities. Crafting detailed and actionable vulnerability reports for organizations and platforms. Collaborating with development teams to ensure proper remediation of identified issues. Demonstrating ethical hacking practices and responsible disclosure of vulnerabilities. Continuously improving technical skills and staying updated on the latest hacking techniques and security trends. Contributing to the improvement of security postures by enhancing defensive strategies. Building a strong network within the cybersecurity and bug hunting community. Providing insights and recommendations to organizations for strengthening their cybersecurity measures. Upholding the highest ethical standards while uncovering vulnerabilities and contributing to a safer digital landscape.
  • Alnafi
    Penetration Tester
    Alnafi Feb 2022 - Feb 2023
    Canada
    • Conducted penetration testing and vulnerability assessments on computer systems, networks, and applications using Nmap, Nessus, and OpenVAS.
    • Utilized a range of tools and techniques, including Metasploit and Burp Suite, to simulate real-world attacks and identify many vulnerabilities.
    • Performed automated and manual analysis of vulnerability assessments on Web, API, Mobile, Network/OS/Server.
    • Collaborated with clients to understand security needs and provided guidance and recommendations for vulnerability remediation.
    • Created detailed reports outlining findings and improvement recommendations.
    • Identified web application vulnerabilities using OWASP ZAP, SQLmap, and Nuclei.
    • Provided guidance to clients for improving security posture, utilizing security-focused technologies such as firewalls and intrusion detection/prevention systems.
    • Conducted comprehensive application security risk assessments for various projects, resulting in the identification and remediation of 20+ vulnerabilities.
    • Assisted in defining and implementing risk mitigation strategies, which were implemented by clients.
    • Provided expert advice on secure coding practices to development teams, helping them to write more secure code.
    • Documented findings and recommendations for secure application development in clear and concise reports.

Ashhad Ali Education Details

Frequently Asked Questions about Ashhad Ali

What company does Ashhad Ali work for?

Ashhad Ali works for Bank Al Habib Limited.

What is Ashhad Ali's role at the current company?

Ashhad Ali's current role is Application Security Analyst.

What schools did Ashhad Ali attend?

Ashhad Ali attended Ghanimah, Iqra University (Official), Superior College.

Who are Ashhad Ali's colleagues?

Ashhad Ali's colleagues are Sahir Ali, Karar Haider Syed, Syed Ahsan Sabir, Muhammad Hasan, Muhammad Naveed, Askari Haider, Muhammad Salman Uddin.

Not the Ashhad Ali you were looking for?

  • Ashhad Ali

    Brand Growth & Ppc Strategist
    Islāmābād, Pakistan
  • Ashhad Ali

    Software Engineer At Wateen Telecom Limited
    Lahore
  • Ashhad Ali

    Devops Engineer | Aws | Maju'25 | Bscs | Sfpc ® | .Net | Wordpress | Shopify | Pmec ® | Jira ® | Selenium ® | Git Github ® | Ansible | Terraform
    Karāchi
  • Ashhad Ali

    Aso Executive | Organic Growth | User Acquisition | Seo | Google Ads | Roas Campaigns | Profitable Roi | Analytics Ga4
    Faisalabad
  • Ashhad Ali

    Learners Republic Policy Fellowship | International Relations Analyst | Research Writer
    Karāchi
