Avinash Mali

Security Analyst with hands-on experience in Web, Mobile, and Network VAPT, Information Security Audits, and Cyber Resilience Assessments for the banking and financial sector. Skilled in identifying vulnerabilities, conducting penetration testing, and strengthening security posture through actionable recommendations. Proficient in tools like Burp Suite, Nmap, Wireshark, Kali Linux, MobSF, and Frida, with a solid foundation in programming and database technologies (C, C++, Java, MySQL, PHP, .NET). Experienced in conducting IS, GAP, SAR, and CSCR audits aligned with RBI and SEBI cybersecurity frameworks. Certified CEH v12, with strong knowledge of industry-standard security protocols, internal audits, and bug bounty practices. Adept at collaborating with cross-functional teams to ensure compliance, mitigate risks, and enhance organizational resilience against evolving cyber threats.

• NMAP
• Burp Suite Professional
• Kali Linux
• Wireshark
• Android Studio
• Mobsf
• Frida

Online Movie Ticket Booking System Final 

year BCA project involving the design and development of a web-based application for booking movie tickets online, including user registration, movie selection, and payment integration features.

Bank Client Vulnerability Assessment and Penetration Testing 

Conducted end-to-end VAPT for a leading bank’s network infrastructure, identifying misconfigurations and outdated components. The engagement included testing of web applications, Android apps, and involved comprehensive audits such as Information Systems (IS) Audit, GAP Audit, and SAR (System Audit Report) Audit, ensuring compliance with IRB cybersecurity guidelines and banking security standards.
Stock Brokers Platform Security Review 

Executed a CSCR audit and performed Network, Web, Android, and API-level VAPT on a stock brokerage's trading platform. The project aligned with SEBI’s Cybersecurity and Cyber Resilience Framework for Stockbrokers, focusing on secure trading operations, regulatory compliance, and platform hardening.