
Seeking opportunities as a security professional and to be part of an organization involved in research, design, testing and implementation of security solutions for multipurpose networks, web, mobile and web-services applications. To contribute to and achieve business objectives that lead to long-term organizational success and professional growth.
VAPT - Perform vulnerability assessment and penetration testing of web-based, mobile and thick-client applications, and web services security assessment (REST APIs). Handled multiple projects in domains such as Finance, Telecom, Healthcare and Energy.
Team management - Leading a team of 4 consultants, delegating weekly tasks to them and managing the team. Conducted training for all colleagues on architecture review and threat modelling.
DevSecOps - Integrated the Fortify SCA Docker image for Linux and Windows, a containerized OWASP Dependency-Check image, SSC, WebInspect and Nexus with Jenkins, and worked on other integrations of security tools with the CI/CD pipeline. Implemented automation that supports DevSecOps practice in a secure SDLC. Have also worked on integrating many open-source security tools with the DevOps pipeline, such as SonarQube, OWASP ZAP, Snyk, Arachni, Clair, Nmap, etc.
Tools - Burp Suite, Jenkins, Fortify, Docker, Clair, Nexus, Kali, SD Elements, IBM AppScan Standard, Acunetix, SQLmap, QualysGuard, Genymotion, Netsparker, Android Studio, MobSF, dex2jar, JD-GUI, Nessus, Nmap, Firebug, XSS Me, SQL Inject Me, Echo Mirage, Process Monitor, HPSM.
Advanced pentest - Perform black-box pentesting of APIs, web and mobile applications for the investment banking and healthcare industries. Worked on a few thick-client assessments to exploit the vulnerabilities manually.
QA - Identify and resolve any false-positive findings in assessment results; cross-check vulnerability assessment reports as QA.
SAST - Involved in secure code review analysis. Involved in false-positive remediation of vulnerabilities and led the remediation calls to explain the vulnerabilities in code.
Tools - Burp Suite, Jenkins, Fortify, Docker, Nexus, IBM AppScan Standard, Acunetix, Kali, SQLmap, QualysGuard, Genymotion, Netsparker, Android Studio, MobSF, dex2jar, JD-GUI, Nessus, Nmap, Firebug, XSS Me, SQL Inject Me, Echo Mirage, Process Monitor, HP WebInspect.
- Vulnerability assessment and penetration testing for different clients' applications.
- Performed external network vulnerability assessment and penetration testing using Nmap and Nessus.
- Performed vulnerability assessment and penetration testing for multi-domain applications based on Android as well as iOS.
- Identify and resolve any false-positive findings in assessment results.
- Enhance proactive closure/mitigation of vulnerabilities identified by various sources.
- Hands-on experience with commercial and open-source network and application security testing tools.
- Full accountability for own technical work and project responsibilities.
· Identifying vulnerabilities in 40 intranet-facing applications twice a year.
· Tested web applications for flaws such as cross-site scripting (XSS), cross-frame scripting (XFS), IDOR, CSRF, session-related vulnerabilities, etc.
· Analysed findings and gave detailed recommendations to mitigate the identified vulnerabilities.
· Prepared a final penetration testing report for the client containing the identified vulnerabilities, their severity and the mitigation for each vulnerability.
· Performed vulnerability testing for the client according to the new development release every month.
· Responsible for raising defects in the QC tool for the vulnerabilities found.
· Responsible for taking calls with the stakeholders on a daily basis to give demos/walkthroughs of the critical security vulnerabilities found in the application.
· Responsible for giving demos/walkthroughs to the developers on call of all the issues/vulnerabilities found.
Manual and automated application VAPT
Mobile application, web services / API and thick-client penetration testing
Network Attack and Penetration Exercises
Secure source code reviews
DevSecOps (Integrating security tools and methodologies in DevOps process)
Security configuration reviews
CEH (Certified Ethical Hacker) V9 Certification