
Yashwanth GopiKrishnamoorthy

Lead Security Consultant (Manager) - Application Security
Chennai, TN

Summary

Lead Security Consultant with over 14 years of successful experience in Application Security. Recognized consistently for performance excellence and contributions to success in the IT industry. Strengths in SAST, DAST, DevSecOps and Threat Modeling.

Overview

14 years of professional experience
6 years of post-secondary education
5 Certifications

Work History

Lead Security Consultant (Manager)

EY
Chennai, Tamilnadu
05.2017 - Current

SAST:

  • Performed automated security source code analysis using tools like Fortify, Checkmarx and IBM AppScan Source Edition.
  • Expertise in performing manual source code reviews on Enterprise web applications (Java, Node.js, .NET, COBOL, Ajax, ABAP), Frameworks: Spring, Struts, Hibernate and mobile applications (Objective-C, Swift) using taint analysis.
  • Experience in implementing DevSecOps - Fortify in Azure platform along with GitHub.
  • Performed consultation on SAST implementation in SSDLC, which involved evaluation of tools, developing baseline severity levels, remediation approaches, etc. for manufacturing and retail domain applications.
  • Involvement of direct interaction with clients and development teams to explain testing approach and business impact, discussing reports and helping out with code level remediation procedure.
  • Conducting training sessions on SAST testing approach, tool usage best practices and manual review methodologies for freshers and interns.

DAST:

  • Performed analysis using WebInspect, Acunetix and IBM standard edition.
  • Manual vulnerability assessment using Burp Professional, Fiddler, etc. for Enterprise web applications.
  • Expertise in performing dynamic testing for web applications on different platforms like PHP, Java, WordPress, SharePoint, Cloud applications.
  • Involvement of direct interaction with the clients and development teams to explain the testing approach, and business impact, discussing reports and helping out with the remediation procedure.

Threat Modeling & Architecture Review:

  • Performed Threat Modeling for enterprise applications, Network devices (Cisco) and different platforms like SAP (SAP HANA, UI5 based applications), Salesforce (STRIDEL & MITRE)
  • Performed architecture review for Web, Mobile and AWS based applications.

Team Management:

  • Managing a team of security consultants, responsible for quality deliverables, providing estimates, responding to RFPs related to SAST and DAST engagements.

Senior Information Security Analyst

Gruppo Banca Sella
Chennai, Tamilnadu
04.2015 - 05.2017
  • Responsible for performing automated source code review using Fortify on web and mobile applications.
  • Communicating with developers to fix security issues.
  • Responsible for providing awareness on secure coding guidelines to developers.
  • Responsible for authorizing applications to move into production.
  • Training freshers on application security testing methodologies and process of performing analysis.

Associate

Cognizant Technology Solutions
Chennai, Tamilnadu
07.2010 - 04.2017

Role: Programmer Analyst Trainee (July 2010 till December 2010)

  • Completed full redesigns of existing websites to improve navigation, enhance visuals and strengthen search engine rankings.
  • Conducted unit testing to deliver optimal browser functionality.
  • Collaborated with in-house web designers to create sleek and innovative UI design.
  • Interfaced with cross-functional team of business analysts, developers and technical support professionals to determine comprehensive list of requirement specifications for new applications.
  • Developed REST web services for applications based on the automobile industry.
  • Developed stored procedures on MySQL for web services and web applications.

Role: Programmer Analyst (January 2011)

  • To perform manual secure code review on legacy Java applications.
  • Coordinating with developers for fixing the security issues.
  • Presentation of deliverable (report) to the client.

Role: Programmer Analyst (April 2012)

  • To perform penetration testing and source code review for .NET application.
  • Providing fix recommendations to the developers.
  • Configuring firewall for the web applications (Imperva).
  • Revalidating the defect fixes regularly after each sprint (Agile model).

Role: Associate (April 2013)

  • To perform automated vulnerability assessment (IBM AppScan, Fortify) for health care applications (HIPAA standards).
  • To perform automated secure code review (IBM AppScan).
  • Security testing for iOS based web applications (manual & automated).
  • Providing fix recommendations to the developers.

Education

Bachelor of Engineering - Mechanical Engineering

Sri Venkateswara College of Engineering
Chennai
08.2006 - 04.2010

Master of Technology - Software Engineering

Birla Institute of Technology
Rajasthan
12.2012 - 01.2015

Skills

  • MicroFocus Fortify


Certification

EC Council - CASE Java

EmailId

yashwanthkrishnamoorthy@gmail.com

Timeline

Certified DevSecOps Professional

04-2022

AWS Cloud Practitioner

12-2020

Lead Security Consultant (Manager)

EY
05.2017 - Current

Senior Information Security Analyst

Gruppo Banca Sella
04.2015 - 05.2017

Master of Technology - Software Engineering

Birla Institute of Technology
12.2012 - 01.2015

Associate

Cognizant Technology Solutions
07.2010 - 04.2017

Bachelor of Engineering - Mechanical Engineering

Sri Venkateswara College of Engineering
08.2006 - 04.2010