Prabhat Hudda is an IT Security Professional, currently working as an Application Security Engineer, with more than 5 years of expertise in Information Security. He holds a Bachelor's degree in Information Technology, and his main interests revolve around Application Security & Penetration Testing.
Further, he loves to participate in several security events, conferences, and bug bounty programs. He actively blogs about his experience, knowledge, and skills in Information Security via Medium and LinkedIn.
Skills:
- Threat Modeling
- Software Composition Analysis
- Static Code Analysis (SAST)
- DAST
- Web Application Security Testing
- API Security Assessment
- Android Application Security Testing
- iOS Application Security Testing
- Cloud Security Testing
- Network Penetration Testing
Experience
Trantor Software Pvt Ltd
Duration: March 2022 - Present
- Conduct thorough security assessments and assess the security posture of digital Fintech NBFC applications, identifying vulnerabilities in multiple applications and their portals.
- Perform comprehensive security assessments for web, API, and Mobile applications using both DAST and SAST approaches.
- Integrate DAST, SAST, SCA, IaC, and Container scanning into CI/CD pipelines, leveraging platforms like Jira to report security vulnerabilities.
- Integrate security tools, standards, and processes into the DevSecOps application development lifecycle (SDLC), leveraging platforms such as Jira to report vulnerabilities.
- Conduct Security Code Reviews, meticulously examining code written in languages such as JavaScript, PHP, Java, and Python.
- Led cloud security and threat detection across Terraform and multi-cloud environments (AWS, Azure, GCP) using Orca Security to protect Cloud VMs, Docker, and Kubernetes applications.
- Report security vulnerabilities along with descriptions and mitigations via JIRA.
- Utilize industry-standard security assessment and vulnerability assessment tools such as Burp Suite, Netsparker, Data Theorem, Security Scorecard, Loggly, Snyk, Orca Security, etc.
- Develop security policies, procedures, processes, and standards for the organization.
Panacea Infosec Pvt Ltd
Duration: November 2019 - March 2022
- Conducted vulnerability assessments and penetration testing for a variety of applications, including Network, Web, Mobile, and APIs.
- Executed manual and automated testing of fintech, government, NBFC, and private bank applications to identify and address security issues.
- Discovered and identified SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
- Collaborated with stakeholders to achieve and maintain compliance with PCI DSS, ISO, NIST, GDPR, and other industry standards.
Bufferclap Media
Duration: January 2019 - November 2019
- Conducted thorough security assessments, in line with OWASP and SANS, to identify and address potential vulnerabilities within network infrastructures and in-house web and mobile applications.
- Performed network scanning to identify vulnerabilities and implement remediation strategies to fortify network security.
- Developed and executed robust testing methodologies to ensure the resilience of web applications.
Certifications
Thank You,
Prabhat Hudda