
KANAKAIAH.K

E-Mail: kanak415@gmail.com
Mobile No: 91-7386120770, 91-9573894683.

Summary

5+ years of experience in Information Security, Application Security such as Web Application Security, Secure Static Code Analysis, Network Security.
Sound knowledge and industry experience in Vulnerability Assessment and Penetration Testing on both application-based and network-related applications.
Hands-on experience in network, application, and web-based vulnerability assessment scanning tools.
Excellent knowledge of OWASP Top 10 2010, CERT Guidelines, WASC Threat Classification v2.0, OSSTMM, NIST, SANS Top 20 Most Dangerous Software Errors.
Vulnerability Assessment includes analysis of bugs in various applications spread across N-tier on various domains by using both manual and automation tools.
Worked with clients from across the globe: USA, UK, Middle East.
OWASP Hyderabad Chapter member.
NULL Hyderabad Chapter member.
Proficient in Linux operating system configuration and utilities.
Broad knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.
Experience in system and network administration and engineering, hardware evaluation, project management, systems and network security, incident analysis and recovery.
Worked in a team and individually on projects successfully.

PROFESSIONAL TRAININGS & CERTIFICATIONS

Certified Ethical Hacker, EC-Council, USA.
IBM Rational AppScan Standard Edition Certified

Technical Proficiencies

Application Vulnerability Scanners: HP Web Inspector, Burp Suite proxy, Paros Proxy, WebScarab, Acunetix.
Network Vulnerability Scanners: Nessus, QualysGuard, Safe Access (NAC), Nmap, WAF, Wireshark.
Penetration testing tool: Metasploit, w3af
Languages: NASL, C, Shell Scripting and Python.
Database: Microsoft SQL Server, Oracle 9i
Operating Systems: Windows & Linux

Antivirus Management : Sophos

Servers : Wamp, IIS, Apache Tomcat 5.0

Networking concepts : TCP/IP, Firewall, VPN

Education

Completed B.Tech from JNTU University with 61.6% in the year 2005.
Completed Intermediate with 85.7% in the year 2001.
Completed SSC with 73% in the year 1999.

Professional Experience

Working as Application Security Analyst for 3i-Infotech Ltd, Hyderabad from Feb 2007 till date.

Project Profile

# Project Name : Kastle ULS Security testing
Client : LIC HFL (Housing Finance Limited), Dubai
Tools : HP Web Inspector, Burp Suite proxy, Paros Proxy, Acunetix
Job Role : Security Consultant
Duration : Sep 2011 to Dec 2011
Description:

Kastle Universal Lending Solution is primarily a retail lending application, aimed at banks and financial institutions having a sizable retail lending portfolio such as home loans, auto loans, personal loans, credit cards, etc. Under the scope of the assessment we performed security testing on the following Kastle ULS modules:

Loan Origination (major focus)
Loan Management
Loan Collection

Responsibilities:
Manual walkthrough of the application to understand the application functionality
Prepared high risk transactions and functionality matrix
Prepared Risk assessment report and shared with the customer
Identified risk parameters and gathered information specific to parameters
Performed Vulnerability Assessment by using HP Web Inspector
Analyzed the Vulnerability Assessment reports
Performed manual security testing by using Burp Suite Proxy and Paros Proxy to identify False Positives
Prepared comprehensive security report detailing identifications and recommendations for the vulnerabilities.

# Project Name : Document Management System
Client : Indian navy, Delhi
Tools : HP Web Inspector, Burp Suite proxy, Paros
Job Role : Security Consultant
Duration : July 2011 to Sep 2011
Description:

DMS is used to digitize documents and save them as scanned documents in PDF. The captured documents can be indexed on various kinds of data such as alphanumeric, decimals, integers, dates, keywords, subject, etc. Documents are segregated according to their types such as letters, files, manuals, faxes, notes, books & records, applications, supporting documents, charts, notices, correspondences, etc. A memo can be added on each record. User-defined attributes / fields can be created for a particular image repository / template and, depending upon the access rights, the user is able to update the metadata fields. Users and groups are mapped to individual content repositories with multiple sets of access rights like read / create / modify / print / export / checker / admin, etc., for effective security procedures, validation checks and proper record and control over validation and modification Document

Responsibilities:
Manual walkthrough of the application to understand the application functionality
Prepared high risk transactions and functionality matrix
Prepared Risk assessment report and shared with the customer
Identified risk parameters and gathered information specific to parameters
Performed Vulnerability Assessment by using HP Web Inspector
Analyzed the Vulnerability Assessment reports
Performed manual security testing by using Burp Suite Proxy to identify False Positives
Prepared comprehensive security report detailing identifications and recommendations for the vulnerabilities.

Project Profile

# Vulnerability Assessment and Management (VAM)
Client : StillSecure, USA
Environment : Windows & Linux family, Nessus, NASL
Job Role : VA & PT
Duration : November 2007 to Till Date
Team Size : 9
Description:

StillSecure VAM is a vulnerability management platform that includes discovery, vulnerability scanning and identification, remediation workflow and reporting tools. The platform features both scheduled and on-demand vulnerability scanning capabilities, based on known vulnerability information from the vendor that can be updated by the customer on demand and/or automatically up to once an hour.

Some of the major attack patterns launched by exploiting the vulnerability in each application during the project:
1. Cross Site Scripting
2. SQL Injection
3. Denial of Service
4. Remote/Local file inclusion

Responsibilities:
Monitoring sources of security alerts, notifications, and advisories for emerging threats.
In-house rule development
Regular log analysis and finding the exploitation attempts
Quality assurance/quality control (QA/QC) for both VAM-developed rules and open-source GPL rules
Releasing new and updated plug-ins
Miscellaneous duties as assigned

Project Profile

Title : Web Application Firewall (WAF)
Client : Still Secure
Environment : Linux & Windows Family
Duration : June 2010 to Dec 2010
Role : Vulnerability signatures development & Analysis
Team size : 7
Project Details:

ModSecurity is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity must be configured with rules. In order to enable users to take full advantage of ModSecurity out of the box, Breach Security, Inc. is providing a free certified rule set for ModSecurity 2.x. Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the Core Rules provide generic protection from unknown vulnerabilities often found in web applications, which are in most cases custom coded. The Core Rules are heavily commented to allow it to be used as a step-by-step deployment guide for ModSecurity.

Responsibilities:
Information gathering from various security advisories.
Developing custom rules for Zero Day Vulnerabilities.
Testing them in varied environments in order to avoid any FPs and FNs

Declaration

I consider myself familiar with all above mentioned aspects. I am also confident of my ability to work in a team. I hereby declare that the information furnished above is true to the best of my knowledge.

KANAKAIAH.K (Signature)
