About - Prabhat Hudda

Prabhat Hudda is an IT Security Professional, currently working as an Application Security Engineer with more than 5 years of expertise in Information Security. He holds a Bachelor's degree in Information Technology, and his main interests revolve around Application Security & Penetration Testing.

Further, he loves to participate in several security events, conferences, and bug bounty programs. He actively blogs about his experience, knowledge, and skills in Information Security via Medium and LinkedIn.

Skills:

  • Threat Modeling
  • Software Composition Analysis
  • Static Code Analysis (SAST)
  • DAST
    • Web Application Security Testing
    • API Security Assessment
    • Android Application Security Testing
    • iOS Application Security Testing
  • Cloud Security Testing
  • Network Penetration Testing

Experience

Trantor Software Pvt Ltd

Duration: March 2022 - Present
  • Conduct thorough security assessments and assess the security posture of digital Fintech NBFC applications, identifying vulnerabilities in multiple applications and their portals.
  • Perform comprehensive security assessments for web, API, and Mobile applications using both DAST and SAST approaches.
  • Integrate DAST, SAST, SCA, IaC, and Container scanning into CI/CD pipelines, leveraging platforms like Jira to report security vulnerabilities.
  • Integrate security tools, standards, and processes into the DevSecOps application development lifecycle (SDLC), leveraging platforms such as Jira to report vulnerabilities.
  • Conduct Security Code Reviews, meticulously examining code written in languages such as JavaScript, PHP, Java, and Python.
  • Led cloud security and threat detection across Terraform and multi-cloud environments (AWS, Azure, GCP) using Orca Security to protect Cloud VMs, Docker, and Kubernetes applications.
  • Report security vulnerabilities along with descriptions and mitigations via JIRA.
  • Utilize industry-standard security assessment and vulnerability assessment tools such as Burp Suite, Netsparker, Data Theorem, Security Scorecard, Loggly, Snyk, Orca Security, etc.
  • Develop security policies, procedures, processes, and standards for the organization.

Panacea Infosec Pvt Ltd

Duration: November 2019 - March 2022
  • Conducted vulnerability assessments and penetration testing for a variety of applications, including Network, Web, Mobile, and APIs.
  • Executed manual and automated testing of fintech, government, NBFC, and private bank applications to identify and address security issues.
  • Discovered and identified SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
  • Collaborated with stakeholders to achieve and maintain compliance with PCI DSS, ISO, NIST, GDPR, and other industry standards.

Bufferclap Media

Duration: January 2019 - November 2019
  • Conducted thorough security assessments to identify and address potential vulnerabilities within network infrastructures and in-house web and mobile applications, in line with OWASP and SANS.
  • Performed network scanning to identify vulnerabilities and implement remediation strategies to fortify network security.
  • Developed and executed robust testing methodologies to ensure the resilience of web applications.

Certifications

Thank You,
Prabhat Hudda
