Vulnerability Assessment & Penetration Testing

  • VULNERABILITY MANAGEMENT
    • Vulnerability & threat assessment by creating categories of threat levels using business/process impact and network traffic. Primary technology used is Nessus 5.2.2/3/4. I am leading and mentoring a team of 3 analysts for the entire project. Asset discovery, compliance auditing and mapping of assets, patch auditing, vulnerability scanning and writing of the respective policies for network devices, virtual hosts, operating systems, databases, web applications, compromise detection, and hybrid networks. Reporting and monitoring: flexible, customized reports sorted by vulnerability or host, creating an executive summary or comparing scan reports to highlight changes. Vulnerability Management for:
    • Insurance Sector IT Organization | Market Research Company | Leading Education System Firm
  • Endpoint Protection Management
    • Monitoring McAfee endpoint agents: implementation of an enterprise McAfee endpoint protection system as a node-level defense system. Monitoring threat activity for the entire network. Migration of McAfee ePO 4.5 to 5.0 along with integration of policies & controls.
  • WEB APPLICATION VULNERABILITY ASSESSMENT & PENETRATION TESTING
    • Performed host, network, and web application vulnerability assessment & penetration testing. Performed network security analysis and risk management for designated systems. Proposed remediation strategies for system vulnerabilities.
    • Developed Security Assessment Plan, Security Assessment Report, Security Assessment Questionnaire, Rules of Engagement, Kick-off Brief, and Exit Brief templates.
    • Tests security control application and actual output versus desired output. Validates subject-to-object based authentication and authorizations of business and mission systems. Assesses potential vulnerabilities and validates their presence within the target's architecture. Documents qualitative risks associated with vulnerabilities discovered during assessment.
    • Found common web site security issues (XSS, CSRF, session fixation, SQL injection, information leakage, application logic, etc.) across various platforms. Developed a vulnerability calculator to rate risk for each vulnerability using Excel. Developed a web application vulnerability plan for large-scale projects. Created OWASP web application test cases and mapped them to associated projects.
    • Generated security reports on findings from the identification of vulnerabilities and offered remediation procedures to the client. Educated clients on best-practice methodologies to harden their systems and minimize future attacks.
    • Conducted onsite penetration tests from an insider threat perspective. Performed application security and penetration testing using Rational AppScan, Acunetix, HP WebInspect, Checkmarx.
  • Web Application VULNERABILITY ASSESSMENT & PENETRATION TESTING for …
    • Maharashtra State Government | Gujarat State Government | Goa State Govt | Indian Defense | H.R. Payroll Management System | Finance Application | Legal Document Management | KVMS (Key Vision Management System) | Access Management | File Tracking System | Payment Tracking System | Tourism Department
  • Checkmarx: Implementation of Checkmarx static source code analysis for different customers, which include software solution companies.