Rami Reddy Allam

Andhra Pradesh Technology Services

04.2021 - 03.2024

Experienced in conducting thorough penetration testing on over 100 web applications across diverse sectors including healthcare, e-commerce, banking, and government initiatives.
Identified and mitigated various vulnerabilities including SQL Injection, Cross-Site Scripting (XSS), XML External Entity (XXE) injection, Account Takeover, Local File Inclusion (LFI), Insecure File Upload, Broken Access Controls, Business/Application Logic Bypass, Remote Code Execution (RCE), Insecure Direct Object References (IDOR), Privilege Escalations, Insecure Deserialization, Server-Side Request Forgery (SSRF), Server-Side Template Injection (SSTI), and Insecure Designs.
Applied industry standards such as OWASP, NIST, and MITRE frameworks to ensure comprehensive coverage and adherence to best practices in web application security.

Experienced in conducting penetration testing on over 60 mobile applications spanning various categories, utilizing technologies like React Native, Flutter, Xamarin, and Progressive Web Apps.
Identified vulnerabilities such as SQL injection, business/application logic bypass, reflected file download, flaws in S3 buckets, insecure storage, insecure logging of data, hardcoded sensitive information, root detection bypass, jailbreaking detection bypass, SSL pinning bypass, account takeover, and authentication/authorization issues.

Executed over 25 Vulnerability Assessment and Penetration Testing (VA/PT) assessments on network infrastructure across a wide range of sectors including Defense, Electricity, OT/SCADA, Police department, Emergency services, Financial services, Industrial development, and IT sector.
Identified vulnerabilities such as device and framework-centric CVEs, weak credentials exploitation, Windows-centric vulnerabilities related to SMB, RDP, exploitation of unauthorized services(LDAP, TNS Listener etc..), and exploitation of default services and Credentials( snmp, sql, postgresql).

Conducted penetration testing on REST and SOAP APIs across various domains, identifying vulnerabilities such as broken object and functional issues, injection attacks, authentication issues, rate limiting, mass assignment, open/unvalidated redirection, insecure file uploads, misconfigurations, business logic flaws, excessive data exposure, and Cross-Site Request Forgery (CSRF).

Performed penetration testing and compliance assessments on diverse domains within payment gateways , encompassing aspects such as offers, discounts, prices, discount eligibility, products, and maximum discounts.
Performed rigorous penetration testing activities including injection attacks and checksum verification to identify vulnerabilities and ensure robust security measures. Adhered to compliance standards such as PCI DSS, PA-DSS, and GDPR, conducting comprehensive assessments to ensure regulatory adherence and data security.

Conducted penetration testing on thick client applications , identifying issues such as DLL hijacking, insecure validation and injections, insecure storage of sensitive data, buffer overflow, authentication bypass, privilege escalations, command injections, and hardcoded sensitive data.

Executed Red Team assignments including social engineering, targeted phishing, Google dorking, credential spraying, DoS attacks, sub-domain takeover, DNS attacks, RCE, and mail server takeovers.

Collaborated with cross-functional teams to mitigate reported issues and suggested best solutions to resolve issues without affecting users.

Served as single point of contact for working closely with CERT-In, testing government microservices AUA/KUA, NSDL, and health services.

Developed internal website to streamline th vulnerability management process, including project entry, adding proof of concepts (POCs), generating single PDF reports consolidating findings, issuing safe hosting certifications, and automatic generation of CERT-In datasheets.

Achievements:
Successfully mitigated vulnerabilities across various sectors, ensuring enhanced security posture and compliance with industry standards.

Developed and implemented streamlined processes for vulnerability management, resulting in improved efficiency and effectiveness in addressing security issues.

Recognized for outstanding contributions in security testing and collaboration with cross-functional teams.

Summary