
Abhishek Sharma

Delhi: +919811131418
Email Id: sharma.abhishek1106@gmail.com
OBJECTIVE:
To secure a challenging job as a Security Consultant and utilize my proven IT Security experience to help the organization become more secure and efficient.

Education and qualification:

B.Sc. Information Technology from Sikkim Manipal University
10+2 from Diwakar Model School, Sahibabad
10th from St. Thomas School, Sahibabad

PROFESSIONAL EXPERIENCE SUMMARY:

As a Security Consultant having 6 years of experience in Mobile/Web Application Penetration Testing and Audits.
As a Security Consultant executed projects in Government Sector (MTNL, Delhi Police).
Experience in Mobile/Web Application Security Testing and Penetration Testing for large user based/content management based/payment gateway website/mobile applications.
Handling various technical aspects like project documentation, report preparation and reviewing the documents.
Proficient in understanding application level vulnerabilities like XSS, SQL injection, response splitting attacks, session hijacking, authorization bypass, weak cryptography, authentication flaws & design level vulnerabilities along with the defense mechanisms.
Expert in web security testing tools like Proxy Editors, Network Sniffing tools, Web-Vulnerability scanners.
Well versed with OWASP Top 10.
Proficiency in creating Threat profile for different types of applications.
Knowledge of different phases, methodologies, concepts and procedures involved in the PT/VA.
Sound knowledge on remediation process for the vulnerabilities identified during the assessment.

Other Industrial Exposure:

1. Certified Ethical Hacker v7 (EC Council)

2. Certified Security Analyst (ECSA) - EC-Council

3. Offensive Security Certified Professional

TOOLS:

Kali Linux, GDB, Hopper, IDA Pro, Cycript, class-dump-z, Nmap, Nessus, Msf, Dex2jar, apktool, Introspy, IDB, Genymotion, AppScan/Burp Suite

Professional Exposure:

Dicetek LLC (Dubai) (Consultant)

July 2016 to date

Client Name: Union National Bank
Role: Penetration Tester
Role Description:
Perform Web Application Security reviews (Black Box Testing) using automated tools and detailed manual testing, looking for typical web application specific security holes like Cross Site Scripting, SQL Injection, URL Redirection, cookie manipulation, fraudulent transactions as well as attempts to avert the business logic of the application. Analysis of findings and recommendations to mitigate the identified vulnerabilities.
Performed VAPT for Android & iOS Applications of the Bank.
Preparing security test strategy and test cases for the client.
Web/Mobile application security testing as per OWASP Top 10.
Manual testing of web application, mobile application (iOS & Android).
Review and define mobile device/embedded/control systems product security requirements.
Identify security issues and risks, and develop mitigation plans.
Evangelize security within the group and be an advocate for customer trust and data protection.
Evaluate and recommend new and emerging security products and technologies.

ISYX technologies, Dubai (Information Security Consultant)

February 2016 to July 2016

Performing Web and Mobile Application Security Assessments and Penetration Testing for various ISYX clients. This Penetration Test included latest exploits, Information Gathering, Vulnerability Scanning using tools like Nessus, Web Inspect, Burp Suite Pro, Zed Attack Proxy, Paros Web Proxy etc.
Project Title: Mobile and web application Security
Client: Abu Dhabi Media
Team Size: 2
Role Description:
Identify the security issues according to the OWASP both by automated tools and manually.
Conducted Manual Web Application Security Assessment for complex Web Apps.
Performing Mobile Application Security Assessments for many of the ADM developed mobile apps (iPhone and Android Apps).

Honeywell Technology Solutions (Sr. Test Engineer)

April 2015 to October 2015

Review and define mobile device/embedded/control systems product security requirements.
Identify security issues and risks, and develop mitigation plans.
Evangelize security within the group and be an advocate for customer trust and data protection.
Evaluate and recommend new and emerging security products and technologies.
Build/Maintain the infrastructure for internal/external penetration tests and vulnerability assessments.
Mentor software engineering teams on security best practices.
Assist with creating information security policies.
Performing Mobile Application Security Assessments for many of the Honeywell developed mobile apps (iPhone and Android Apps).
Contributing and maintaining Honeywell web applications security methodology, procedures and web application security guidelines, writing articles for internal Honeywell IT security portals.

Tech-Mahindra Ltd (Sr. Security Analyst)

(September 2014 to March 2015)

Client Name: Verizon
Role: Test Engineer
Team Size: 2
Role Description:
Perform Web Application Security reviews (Black Box Testing) using automated tools and detailed manual testing, looking for typical web application specific security holes like Cross Site Scripting, SQL Injection, URL Redirection, cookie manipulation, fraudulent transactions as well as attempts to avert the business logic of the application. Analysis of findings and recommendations to mitigate the identified vulnerabilities.
Performed VAPT for Android & iOS Applications.
Preparing security test strategy and test cases.
Web application security testing as per OWASP Top 10.
Manual testing of web application.

Fareportal India Pvt Ltd (Gurgaon) (Information Security Engineer)

October 2013 - September 2014

Performing Web Application Security Assessments and Penetration Testing for various Fareportal India based web applications. This Penetration Test included latest exploits, Information Gathering, Vulnerability Scanning using tools like Nessus, Web Inspect, Burp Suite Pro, Zed Attack Proxy, Paros Web Proxy etc.
Exploiting known vulnerabilities in the web application through SQL Injection, Cross Site Scripting and other attacks. Web Application Security testing is based on the industry recognized OWASP methodology.
Providing assistance and consultation on PCI Compliance. Performing Application/Network Security Assessment for the PCI DSS compliance requirement.
Conducting trainings for developers on Security Awareness, Secure SDLC, OWASP Top 10 vulnerabilities and on ways to curb them at code level, etc.

Professional Exposure:

Ctg Security Solutions (Information Security Consultant)

(October 2010 to April 2013)


2.5 years of working experience in handling information security in an IT firm.
Analyzing code for security vulnerabilities through penetration testing in the web application.
Working on application security analysis of Ctg Security clients (Mahanagar Telephone Nigam Ltd, Indian Police Services).
Identify the security issues like CSRF, XSS, SQL Injection both by automated tools and manually.
o Performing Penetration Testing and preparing demos and detailed report of the identified vulnerabilities
o Knowledge of various application, system architecture security and practices
o Conducted Manual Web Application Security Assessment for complex Web Apps
o Good knowledge of security standards like OWASP

Project Details:
Project Title: Web application Security
Client: Mahanagar Telephone Nigam Ltd (MTNL)
Role: Test Engineer
Team Size: 2
Duration: Mar 2012 - Sep 2012
Role Description: Performing Penetration Testing and preparing demos and detailed report of the identified vulnerabilities.
Conducted Manual Web Application Security Assessment. Identify the security issues like XSS, SQL Injection both by automated tools and manually.

Project Title: Website and web application Security
Client: Delhi Police
Team Size: 4
Duration: Jun 2011 - Dec 2011
Role Description: Identify the security issues according to the OWASP both by automated tools and manually.
Conducted Manual Web Application Security Assessment for complex Web Apps.

PERSONAL SKILLS:
Comprehensive problem solving abilities, excellent verbal and written communication skills, ability to deal with people diplomatically, willingness to learn, team facilitator, hard worker.

PERSONAL PROFILE:
Name : Abhishek Sharma
Father's Name: Sh Rakesh Sharma

Nationality : Indian
Date of Birth : 11 June 1990
Languages: English and Hindi
Place : Ghaziabad
