Smit Shah

Freelance Pentester
Ahmedabad, Gujarat, India

Summary

Smit is a seasoned security professional with 8 years of experience in the Information Security domain. He has wide experience in vulnerability assessment and penetration testing of web applications, mobile apps, APIs, thick client apps, networks and infrastructure. He has reported vulnerabilities to Barracuda Networks, Secunia, SANS, WebSecurify, Scanmyserver, Kudelski Security and many other IT security and tech companies. He has worked on more than 50 full-length private penetration testing projects in the last 5 years. He loves to participate in bug bounty programs and has been a Synack Red Team member since 2016. He holds a few CVE IDs for reporting zero-day vulnerabilities in open source software such as edX and Ninja Forms.

Overview

  • 3 Languages
  • 1 Certification
  • 4 years of post-secondary education
  • 9 years of professional experience

Work History

Independent Security Consultant

Acute Informatics Pvt. Ltd.
07.2018 - Current
  • Acute Informatics is an Independent Software Vendor who develops banking software like Core Banking Solution (CBS), Net Banking Solution, Mobile & Tab Banking, ATM Solution, NACH Solution, NEFT/RTGS Solution and 20+ other banking apps
  • As an external security consultant, I work on performing a pentest of all their banking products
  • Additionally, I am responsible for performing quarterly pentests of their Internal Network, Data Center & Disaster Recovery Site
  • Follows Cyber Security Compliance Framework issued by Reserve Bank of India (RBI)

Freelance Penetration Tester

MSL Solutions
09.2020 - 11.2020
  • Worked on pentesting MSL Solution's MPOWER BI Portal & Server
  • Maintained a live vulnerability sheet so the client's developer team could act on findings immediately
  • Submitted a comprehensive report with steps to reproduce, working proof of concept, video demonstrations, impact, exploit scenario, references and accurate remediation strategy.
  • Performed retest to evaluate the fixes applied by the dev team
  • Submitted a certificate to comply with a Compliance Framework

Independent Security Consultant

75+ Urban Co-operative Banks in India
01.2019 - 03.2020
  • Helped 75+ Urban Co-operative Banks to understand RBI's Cyber Security Framework (Basic & Comprehensive)
  • Assigned necessary resources for performing VAPT of Bank's IT Infrastructure as required by Reserve Bank of India (RBI)
  • Studied VAPT Reports and helped all these banks to mitigate the security risks and reported security vulnerabilities
  • Helped all these banks to procure necessary security solutions like Firewall, End Point Security, Business Domain & Emails, etc.
  • Submitted Compliance Certificates to Reserve Bank of India (RBI) for all these banks in a stipulated time

Freelance Penetration Tester

Class & Co (acquired by RCI Bank & Services)
07.2018 - 10.2018
  • Worked on pentesting Yusofleet (a product of Class & Co)
  • Performed pentesting on Yusofleet Old & New Front (Web based), Yusofleet API, Android App and iOS App
  • Submitted detailed vulnerability reports separately for each item in scope
  • Explained the vulnerability reports to the security engineer in charge and helped them fix the reported vulnerabilities

Freelance Penetration Tester

Innovero Software Solutions B.V. (Formdesk)
05.2018 - 10.2018
  • Worked on pentesting Formdesk Web Application & SOAP API
  • Submitted a comprehensive vulnerability report with detailed steps to reproduce, working proof of concept, impact, exploit scenario, references and accurate remediation strategy.
  • Performed a retest to evaluate the fix and submitted a retest report

Freelance Penetration Tester

Expensya
03.2018 - 04.2018
  • Worked on pentesting Expensya, an automated spend management product (web endpoint)
  • The objective of the pentest was pre-validation before a partner company performed its own pentest on Expensya
  • Submitted a detailed vulnerability report that helped the client greatly reduce the number of vulnerabilities later discovered by the partner company
  • Performed a thorough retesting to evaluate the applied fix

Freelance Penetration Tester

Etison LLC (Clickfunnels)
05.2017 - 04.2018
  • Worked on pentesting Clickfunnels Funnel Builder, Actionetics, Backpack, Marketplace, Admin Panel and Wordpress Plugin throughout the year
  • Managed detailed vulnerability reporting through Pivotal Tracker
  • Coordinated with Internal Team to explain the reports thoroughly
  • Performed retesting and helped team to push the fix in a timely manner

Freelance Penetration Tester

Asynth SAS. (SpaceDesigner3D)
04.2017 - 03.2018
  • Worked on pentesting SpaceDesigner3D Web Application, API & Web Server
  • Secure Code Review (Client Side Code & Server Side Code)
  • Submitted a developer friendly vulnerability report with detailed steps to reproduce, working proof of concept, impact, exploit scenario, accurate recommendation strategy
  • Suggested Email Security Policies

Senior Security Analyst & Trainer

Advanced Techdefence Pvt. Ltd
07.2014 - 09.2016
  • Conducted complete manual VAPT for clients, discovering privilege escalation vulnerabilities and business logic bypasses that automated tools cannot find.
  • Conducted complete web application vulnerability assessment and penetration testing projects for clients, generating detailed reports and coordinating with them on fixes.
  • Researched mobile application security.
  • Secure web application development using the WordPress CMS.
  • Investigated cyber crime cases independently, tracing IP addresses and determining the approximate location of the attacker.
  • Reversing software using debuggers (basic).
  • Monitored the security of critical systems (e.g., e-mail servers, database servers, web servers) and changes to highly sensitive security controls to ensure appropriate administrative action; investigated and reported on noted irregularities.
  • Managed dual designations at the company and helped launch a new course dedicated to web application security based on the OWASP Top 10 2013.
  • Responsible for the security of the company's upcoming cloud-based automated web application security scanner.
  • Responsible for the security of www.techdefencelabs.com, www.hacktrack.co.in and www.ccseonline.in.
  • Delivered cyber security training to professionals, police, students and all enthusiasts who came to us.
  • Delivered 2-day (16 hour) workshops on ethical hacking and IT security to students at their respective colleges and universities.
  • Investigated cyber crime cases, coordinating and working with Cyber Cell Ahmedabad.
  • Identified vulnerabilities, recommended corrective measures and ensured the adequacy of existing information security controls.
  • Educated business unit managers, the IT development team and the user community about risks and security controls.
  • Prepared detailed practices and procedures for technical processes.

Security Consultant

Payatu Technologies Pvt. Ltd
06.2014 - 07.2014
  • Worked on secure coding and porting vulnerable PHP code to ASP.NET.

Education

Bachelor's Degree - Computer Engineering

Gujarat Technological University
08.2010 - 06.2014

Skills

  • Web Application Pentesting

Certification

Certified Ethical Hacker (CEHv8), ID# ECC44414101291

Accomplishments

  • Discovered a 0day vulnerability in edX-Platform - https://open.edx.org/CVE-2015-2286
  • Discovered a security vulnerability on PayPal - https://www.paypal.com/webapps/mpp/security-tools/wall-of-fame-honorable-mention
  • Discovered a security vulnerability on the Barracuda Networks website - https://barracudalabs.com/research-resources/bug-bounty-program/bug-bounty-hall-of-fame-2/
  • Discovered a security vulnerability on the Sans.org website - https://www.sans.org/security/
  • Discovered a security vulnerability on WebSecurify.com - reported a security vulnerability on the Websecurify website and was rewarded for it
  • Discovered a security vulnerability on ScanMyServer.com, a product of BeyondSecurity - https://blogs.securiteam.com/index.php/archives/2255
  • Discovered security vulnerabilities on Secunia.com - reported several security vulnerabilities on Secunia.com and was rewarded for them by the Secunia team

Timeline

Freelance Penetration Tester

MSL Solutions
09.2020 - 11.2020

Independent Security Consultant

75+ Urban Co-operative Banks in India
01.2019 - 03.2020

Independent Security Consultant

Acute Informatics Pvt. Ltd.
07.2018 - Current

Freelance Penetration Tester

Class & Co (acquired by RCI Bank & Services)
07.2018 - 10.2018

Freelance Penetration Tester

Innovero Software Solutions B.V. (Formdesk)
05.2018 - 10.2018

Freelance Penetration Tester

Expensya
03.2018 - 04.2018

Freelance Penetration Tester

Etison LLC (Clickfunnels)
05.2017 - 04.2018

Freelance Penetration Tester

Asynth SAS. (SpaceDesigner3D)
04.2017 - 03.2018

Certified Ethical Hacker (CEHv8), ID# ECC44414101291
07.2014

Senior Security Analyst & Trainer

Advanced Techdefence Pvt. Ltd
07.2014 - 09.2016

Security Consultant

Payatu Technologies Pvt. Ltd
06.2014 - 07.2014

Bachelor's Degree - Computer Engineering

Gujarat Technological University
08.2010 - 06.2014