DIVYA PONNAPATI

• Led and coordinated penetration testing on critical Crown Jewels KFAS (Key Functionality Assets, and Services) systems, including 70 web applications, 25 SAP instances, and 50+ infrastructure components, identifying and remediating 430+ vulnerabilities, significantly enhancing security and safeguarding key business assets
• Managed end-to-end bug bounty program (private and public) for a client, coordinating with multiple stakeholders to define the program scope, covering over 230 assets
• Establishing engagement rules, resulting in enhanced vulnerability identification and improved security posture
• Coordinated lifecycle of bug bounty program, leading efforts to resolve 300+ vulnerabilities reported by security researchers, prioritizing remediation actions to reduce security risks by
• Performed security configuration review on different technologies e.g. SAP, HANA
• Conducted penetration testing on a major e-commerce site, uncovering critical vulnerabilities like "Broken Access Control" and "Business Logic Bypass", leading to the identification and remediation of over 20 high-risk vulnerabilities
• Streamlined the penetration testing demand management workflow by providing comprehensive technical insights and detailed specifications, enhancing process efficiency 75%

Banking & Financial Sector Projects

• Led comprehensive security assessments for banking and financial institutions, identifying and mitigating 30+ security risks, and ensuring 100% compliance with regulatory standards, including PCI-DSS, resulting in a stronger security posture and minimized security threats.
• Performed in-depth source code reviews, identifying critical vulnerabilities and providing actionable remediation recommendations to strengthen application security and reduce the risk of exploitation.
• Conducted Vulnerability Assessments (VA), Card Data Discovery, and Compliance Audits for Windows and Unix servers, ensuring adherence to PCI-DSS and other industry standards, and improving system security and compliance.
• Delivered detailed security reports with prioritized remediation strategies, enabling clients to address critical vulnerabilities and improve their overall security posture.

Key Qualifications & Responsibilities

• Performed Grey-box and Black-box testing as part of BAU activities on 80+ web applications across industries, including Retail, E-commerce, and Portal applications. Utilized both automated and manual testing approaches to identify critical security vulnerabilities.
• Identified and documented critical vulnerabilities, such as SQL Injection, Insecure Direct Object Reference (IDOR), OTP bypass, and Account Takeover, in 30+ high-priority applications, leading to the remediation of 20+ vulnerabilities, and improving overall security posture.
• Led Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) on mobile applications, uncovering vulnerabilities across client-side and server-side components, enhancing mobile app security.
• Performed security assessments for APIs, thick client applications, and web services, ensuring end-to-end security and minimizing risks related to data exposure and unauthorized access.
• Managed vulnerability remediation cycles, coordinating with development teams and business stakeholders to address and resolve critical security defects, ensuring timely closure and risk reduction.
• Contributed to DevSecOps initiatives, integrating security testing into the CI/CD pipeline to automate security checks, streamline vulnerability detection, and improve the efficiency of security controls in the software development lifecycle.