
Aneesh Narain

Bengaluru

Summary

Looking for a challenging position where I can utilize my skills to the fullest extent possible to achieve individual as well as organizational goals.

Overview

14 years of professional experience

4 certifications

Work History

Senior Staff

Palo Alto Networks
Bengaluru
08.2022 - Current
  • Currently working under the solution team, where I take care of end-to-end deployment as well as validation of different features and functionalities.
  • Tested multiple functionalities on Prisma Cloud-deployed Palo Alto firewalls, such as CASB, SASE, SaaS Inline, WildFire, IoT, DLP, Policy access browsing (PAB), Zero Trust Network Access (ZTNA), Advanced Threat Prevention (ATP), Vulnerability Management, FedRAMP.
  • Deployed Palo Alto firewall on Azure cloud and validated all L7 functionality.
  • Using Python for test case automation.

Member of Technical Staff

Fortinet Technologies
Bengaluru
04.2013 - 08.2022

Pentest:

  • Familiar with web application security issues related to the different types of vulnerabilities in the OWASP Top 10, such as injections.
  • Validating the Pentest tool against FP and FN for vulnerabilities in different categories.
  • Creating vulnerable targets for validating the functionality of the Pentest tool.
  • Comparing results of different VAPT tools like FortiPentest, Netsparker, Nessus, Burp.
  • Cloud deployment of the FPT tool on Azure.
  • Docker container validation for all the different supported modules.

FIPS-CC:

  • Familiar with all the different hardening criteria to get our product certified against FIPS-CC.
  • Validation of different cryptographic algorithms.
  • Certificate validation, PKI/certificates, encryption/hashing for different scenarios.
  • OpenVPN (SSL), IPsec validation.
  • Focus mainly on hardening the product, like cryptography, certificates, privilege escalation, password hardening, external communication encryption and many more.

L2/L3 Testing:

  • Strong networking fundamentals and L2/L3 protocols.
  • Tested features such as load balancing, BGP route reflector, communities, OSPF election process, etc.
  • Strong knowledge in networking fundamentals like ARP, ICMP, ETHERNET, IP FORWARDING.
  • Developed and executed test cases for functional testing of OSPF, BGP, RIP, VLAN.
  • Hands-on experience in setting up the test topology.
  • Brief knowledge about IPv6, IPsec and wireless protocols like 802.11 a/g/n.
  • Security protocols: SSL, 802.1x.

QA Engineer

Quintom Mentor Systems pvt. Ltd.
06.2010 - 04.2013

L2/L3 and security protocol testing:

This project involves testing different protocols related to L2/L3 and some security protocols.

So I need to perform both manual and automation testing.

Protocols tested: SSL, 802.1x, OSPF, BGP, RIP, VLAN, ARP, ICMP, ETHERNET, STP and RSTP, IP FORWARDING, WLAN Controllers.

Education

B.E. -

Pune University
01.2009

12th -

01.2004

10th -

01.2002

Skills

  • SASE/ CASB/ WildFire/ IoT/ SaaS Inline/ FedRAMP/ Prisma Cloud/ DLP/ Secure access browser/ Proxy
  • SSL/ IPsec
  • Pentest/ Web application security/ OWASP Top 10/ Injections/ Pentest tool/ VAPT tools/ FortiPentest/ Netsparker/ Nessus/ Burp Suite
  • FIPS-CC/ Hardening criteria/ Cryptographic algorithm validation/ Certificate validation/ PKI/Certificates/ Encryption/hashing
  • L2/L3 testing/ Networking fundamentals/ L2/L3 protocols
  • ARP/ ICMP/ ETHERNET/ IP FORWARDING/ VLAN/ IPv6
  • OSPF/ BGP/ RIP/ Load balancing/ STP/ RSTP
  • Test cases/ Test topology
  • Cloud deployment/ Azure/ Docker container validation
  • Wireless protocols/ 802.11 a/g/n/ Security protocols/ 802.1x
  • Scripting/ Python

Certification

  • CEH V11 (Certified Ethical Hacker Version 11)
  • Fortinet: Network Security Associate-1
  • Fortinet: Network Security Associate-2
  • Fortinet: Network Security Associate-3
  • Preparing for OSCP

Areas Of Interest

Information Security Analyst, Networking, L3/L7 Network Security, Ethical Hacking, Security Information and Event Management, Vulnerability Assessment & Penetration Testing (VAPT), Hardening, Server, Firewall, TCP/IP.

Projects

Prisma Cloud/ Firewall:

  • Currently working under the solution team, where I take care of end-to-end deployment as well as validation of different features and functionalities. Tested multiple functionalities on Prisma Cloud-deployed Palo Alto firewalls, such as CASB, SaaS Inline, WildFire, IoT, FedRAMP. Deployed Palo Alto firewall on Azure cloud and validated all L7 functionality.

FortiPentest:

  • I perform end-to-end testing for the FortiPentest tool, which detects vulnerabilities in web applications. Apart from that, I used to validate the deployment infrastructure, where we cover Docker container validation as well as cloud deployment of our tool. So I worked on Azure and GCP for cloud deployment. Initially the tool was designed to detect vulnerabilities related to the OWASP Top 10, but now new coverage has been added and I have to validate different functionalities. So my role is to come up with the test cases and targets for validating the functionality of the tool, then review them with Product Management and the Dev team. For example: if I need to validate RCE functionality, then we need to create targets and test cases to cover all possible scenarios so that the tool does not report FP or FN. So I have tested multiple injections like SSTI, SQLi, NoSQL, LDAP, etc., XSS, SSRF, CSRF, security misconfiguration, using components with known vulnerabilities, broken authentication, session fixation, recon engine, zero-day vulnerabilities, scanning networks, enumeration, session hijacking, buffer overflow, cryptography.

FIPS-CC Certification:

  • I have worked on getting Fortinet products certified for FIPS-CC. FIPS 140-2 and Common Criteria are two security-product certification programs run by government. FIPS 140-2 says the cryptographic parts of a product must be done to the government’s satisfaction. Common Criteria details a range of security-related topics (like auditing, or software development practices) and what the government requires for different types of products. So my role was to come up with the test cases for all the different Fortinet products, so test cases will vary for different products like firewalls, controllers, access points. We focus mainly on hardening the product, like cryptography, certificates, privilege escalation, password hardening, external communication encryption and many more. So after internal testing we send our product for certification.

L2/L3 and security protocol testing:

  • This project involves testing different protocols related to L2/L3 and some security protocols. So I need to perform both manual and automation testing. Protocols tested: SSL, 802.1x, OSPF, BGP, RIP, VLAN, ARP, ICMP, ETHERNET, STP and RSTP, IP FORWARDING, WLAN Controllers. Brief testing of IPv6, IPsec and wireless protocols like 802.11 a/g/n. Understanding the feature, requirements and the scope of the feature for testing. Test topology setup. Come up with test cases and review them with Product Management and the Dev team. Modification of the test scripts by using Python. Manual testing and verification of the expected results. Bug reporting. Result documentation. Support on customer issues: this project involved working with customer requirements, reproducing the issue in our lab environment, and raising an internal bug to work with developers. Write test plan and test cases related to this issue. Used to automate test cases by using the existing framework and Python and integrate them into regression.
