Syed Immad Ali

• Performed risk analyses to identify appropriate security countermeasures.
• Recommend improvements in security systems and procedures.
• Conducted security audits to identify vulnerabilities.
• Web Application Penetration Testing.
• Vulnerability Assessment/Fixations.
• Security Operations
• Inventory Management.
• CIS Benchmarking and compliance.
• Status Reporting to Management
• Follow-ups with relevant Operation teams.
• Provided consultation and technical services on all aspects of information security.
• Performed risk and vulnerability assessments and provided results and recommendations to senior management.

Clients:

• Telenor345 Head Office Islamabad as resident engineer (Vendor services in Security Operations)

Methodology:

• SEC460: Enterprise Threat and Vulnerability Assessment

Tools:

• Nessus
• Nexpose
• Kali Linux
• AppScan
• Accunetix
• Netsparker
• Burp Suit

• Network Vulnerability Assessment using Nessus.
• Servers Vulnerability Assessment using Nessus.
• Followed Owasp Top10 for Web Application and android application testing.
• API testing using SOAP UI and Burp
• Android Application Penetration testing.
• Ensure to provide security consultancy for web application business logics and data security.
• Developed and maintained courteous and effective working relationships.
• Provide web security and software development consultancy to developing GRC system.
• Provide web security and software development consultancy to Developed and Design customized Penetration testing Reporting Module.
• Provide web security and software development consultancy to developed Audit Module.

Clients:

• Bank Al Habib (Android & Web Applications Pentest)
• Meezan Bank (Web Applications Pentest)
• Allied Bank (Network & Web Applications Pentest)
• Agha Khan University Hospital (Web Applications Pentest)

Methodology:

• Owasp Top10 (Web Application and Mobile)
• Business Logics.
• Web application server side bugs and security flows.
• Network communications channels.

Major Findings:

• SQL Injection
• XSS.
• Broken Authentication.
• Server Side Template Injection.
• Privilege Escalation.

• Performed risk analyses to identify appropriate security countermeasures.
• Recommend improvements in security systems and procedures.
• Web Application Penetration Testing.
• Vulnerability Assessment/Fixations.
• Follow-ups with relevant Operation teams.
• Provided consultation and technical services on all aspects of
• Information security.
• Performed risk and vulnerability assessments and provided results and recommendations to senior management.

Clients:

• AlBaraka Bank (Mobile Applications Pentest)
• Jubilee Life Insurance (Web Applications Pentest)
• Dynea Pakistan (Web Applications Pentest)
• Agriauto Pakistan (Web Applications Pentest)
• PakSuzuki (Website Pentest, Review and Quality Assurance)
• IGI Insurance Limited (Pentest)

• ERP system for Singer Pakistan In-House Development.
• Analysis on all sales and Inventory process.
• Development of Sales module.
• Deployment all over Pakistan near to 180 shops.
• Reporting to Chief Information Officer.
• UML Documentation with OOAD Concepts.

i. Use-Case

ii. Activity Diagram

iii. Interaction Diagram (Collaboration and Sequence)

iv. Class Diagram

v. ERD

Technologies:

• Asp.Net MVC framework.
• JQuery, CSS, HTML Bootstrap, AJAX.
• Microsoft SQL server & Oracle10g as backend DB
• Team Foundation Server for team versioning.
• AWS server.

• Developed and designed components using ASP.NET and ADO.NET.
• Develop front-end and three-tier Architecture using ASP.NET.
• Responsible for UI Issues.
• Maintenance and modification of existing application software.
• Responsible for bug fixing.
• Create SQL queries as well as stored procedures and Trigger’s (SQL Server 2008).
• Web page Design etc.
• Dashboard with charts Development & Design.
• Audit Logs using Triggers.
• UML Documentation with OOAD Concepts.

i. Use-Case

ii. Activity Diagram

iii. Interaction Diagram (Collaboration and Sequence)

iv. Class Diagramv. ERD

Technologies:

• Asp.Net MVC framework.
• JQuery, CSS, HTML Bootstrap, AJAX.
• Microsoft SQL server & Oracle10g as backend DB
• Team Foundation Server for team versioning.
• AWS server.