Expertise and experience of conducting vulnerability assessments as per standards such as OWASP Top 10, SANS Top 25 and WASC, NIST.
Experience of using of the tools such as Metasploit, Nessus, Burpsuite, Acunetix, Checkmarx, AppScan, Nexpose.
Hands on experience of developing exploits.
Hands on experience of using Kali Linux.
Experience of identification and mitigation of vulnerabilities.
Ability to conduct vulnerability assessment and penetration testing of networks, web applications using automated and manual approach.
Hands-on experience with security tools – Nessus, Burpsuite, Qualysguard, Netsparker, Acunetix, Metasploit, drozer, apktool, dex2jar, Checkmarx, AppScan, Fortify, Veracode, etc.
Good understanding of attacks such as dhcp starvation, dns spoofing, email spoofing, phishing, DOS, DDOS, ARP poisoning, XSS, CSRF, SQL Injection, XXE, etc.
Good knowledge of TCP/IP and other application and network level protocols.
Ability to provide remediation solution of vulnerabilities.
8-10 years of experience of vulnerability assessment and penetration testing.