Application security professional with 16 years and 4 months of experience. It includes application security design/architecture review, penetration testing [Web, Mobile (iOS & Android), API etc.], static code, open-source and container image vulnerability analysis, and various other application security related activities mentioned in the work history section below.
Application Security Architecture Review on several security products, including in-house and vendor software, and all initiatives related to the ‘Application Security’ domain.
Responsibility:
Application Security Architecture Review (including cloud).
Vendor assessment.
Standards, and Guideline preparation.
Application Security Strategy, Roadmap and Process document preparation.
Penetration Testing [Web, Mobile (iOS and Android), API End Points].
False positive and Risk analysis.
Report walkthrough for the identified threat and vulnerabilities.
Re-assessment of all the activities once appropriate remediation is completed.
Application Security tool evaluation before renewal.
Application Security Architecture Review on several security products and penetration testing of the new/changed scope of those applications.
Responsibility:
Application Security Architecture Review.
Penetration Testing (Web, Mobile, API etc.).
Co-ordinate other team resources for assessment completion [involved in scoping, report walkthrough calls and escalation calls].
Manual Database Security Assessment using SqlDeveloper DB client.
Dome9 AWS Scan Analysis.
False positive analysis and report delivery of all the above said activities.
Re-assessment of all the activities once appropriate remediation is completed.
Work Assignment 1:
Static and Dynamic Application Security Testing, Security Architecture and Design review (Telecommunication Client).
Tool Used: IBM AppScan, CheckMarx, Nmap, Nessus, Burp suite and SqlDeveloper DB client.
Work Assignment 2:
Static and Dynamic Application Security Testing in Agile methodology (Travel and Hospitality client).
Tool Used: Veracode for SAST and DAST
Work Assignment 3:
Static and Dynamic Application Security Testing (Travel and Hospitality client).
Tool Used: Qualys WAS, Burp Suite and CheckMarx
Work Assignment 4:
Application Security Design Review, Threat and Risk Analysis (Airline Client).
Tool Used: NA (manual review approach).
Work Assignment 5:
Static and Dynamic Application Security Testing, Security Process Gap Assessment and Thick Client Application Security Testing.
Tool Used: HP Fortify, HP WebInspect, Burp Suite, Wireshark, Echo Mirage and Sysinternals utilities.
Work Assignment 6:
Dynamic Application Security Testing, Database vulnerability assessment and management for more than 300 applications (World Bank client).
Tool Used: Trustwave Hailstorm, Burp Suite, Nessus, NCC SquirreL and DBProtect
Work Assignment 7:
Static Application Security Testing and Web Service Security Testing (Health Care client).
Tool Used: Manual Security Code Review (ASP.NET MVC code), Burp Suite and SOAP UI.
Overall Responsibility:
Security Design Review on High Level Design Documents (HLD) of various systems.
Threat Analysis on Low Level Design Documents (LLD).
Security Architecture review.
Interaction with various system vendors who supplied sub-system for the applications/systems.
HLD and LLD Walkthrough with Client’s Security team for security architectural approval for the systems.
Project effort and Cost finalization.
Assessment plan and approach preparation.
Security story creation and sign off from respective team.
Static and Dynamic Application Security Testing.
Infra and Database vulnerability Assessment.
Manual Database Security Assessment using SqlDeveloper DB client.
False positive, Risk analysis, Report walkthrough and Delivery.
Retesting of the remediated vulnerabilities.
Onsite and offshore team handling and delivery.
Client’s Security Process Gap Assessment.
Vulnerability Assessment on thick client applications (Apps Count: 5) using Wireshark, Echo Mirage and MS Sysinternals utilities along with a manual approach.
Security Source code review on Thin (Web) and Thick Client applications using HP Fortify and manual approach.
DAST Vulnerability assessment and management of more than 300 production applications.
Automated Security assessment on REST Web services and Manual vulnerability assessment using SOAP UI.
Dynamic Application Security Testing for particular telecom portfolio applications to identify vulnerabilities, to ensure that the fixes provided address the reported vulnerabilities, and to make sure the applications are secure.
Responsibility:
· Dynamic Web Application Security Testing using the IBM AppScan Standard tool.
· False positives and Risk analysis.
· Technical/Management Report Preparation.
· Co-ordination with development team to make them understand the reported vulnerabilities for remediation.
Static and Dynamic Application Security Testing for banking applications.
Responsibility:
· Dynamic web Application Security Testing using manual approach with proxy tools.
· Application source code checkout using Subversion tool and Manual static security code review.
· Risk and impact analysis of the identified vulnerability.
· Co-ordination with development team to make them understand the reported vulnerabilities for remediation.
Application Security Design / Architecture Review:
Dynamic Application Security Testing Tools:
Static Application Security Testing Tools:
Software Composition Analysis Tools:
A few other tools:
Certified Ethical Hacker (CEH).
Microsoft Certified Professional.
iOS Application: Penetration Testing
Android Application: Penetration Testing
Hacking and Securing JSON Web Token (JWT)
Mastering Thick Client Application Penetration Testing