
Rajdeep Ravula

Hyderabad

Summary

  • A professional with hands-on experience in Web, Mobile Application and Network Penetration Testing, looking to be a part of a challenging environment.
  • Experienced bug bounty hunter and penetration tester with experience leading a small team on offensive security engagements. Credited with identifying security issues in more than 5 responsible disclosure programs.
  • Well versed in the tools of the trade for automated Web PT such as Burp Suite, OWASP ZAP and Acunetix, Mobile PT tools such as MobSF and JD-GUI, and Network PT tools that are part of Kali (such as Impacket, Responder, etc.).
  • Possess a unique ability to communicate information security risks to executives and technology teams, along with intuitive report-writing skills.
  • Regular CTF player with HackTheBox (completed 5 hard, 2 med, 10 easy challenges) and TryHackMe (#).
  • Willing to learn, grow, and be the hardest working guy in the room.

Skills

Bachelor of Technology in Mechanical Engineering from MGIT Engineering College in 2016

Accomplishments

  • Freelance Security Researcher
  • Hands-on experience in OWASP Top 10 and SANS 25 procedures.
  • Excel in OWASP Top 10, Burp Suite, SQLmap, Nikto, Dirb, and BeEF.
  • Experience in all the phases of Vulnerability Assessment and Penetration Testing (VAPT).
  • Performed DAST testing on web applications.
  • Conducts vulnerability assessments, reports vulnerabilities, and monitors their ongoing management with the operations teams.
  • Manual inspection of vulnerabilities through repetitive tasks for each web page in the Repeater tab.
  • Prepares the ROE (Rules of Engagement) document and a report showing the results of the conducted vulnerability assessment, including the number of issues and trends, accompanied by graphical representation.
  • Ability to write a legible report so that every detail could be retested another time.
  • Willing to learn and explore new tools along with technologies and work in a globally competitive environment on challenging assignments.
  • I have the ability to conduct assessments using Nmap, Nessus, and OpenVAS.
  • Experience with Nessus, Acunetix, and Burp Scanner, which generate the report. Ability to manually test the possible vulnerabilities listed in the report.
  • Perform reconnaissance with the help of the OSINT Framework, which includes SpiderFoot, Maltego, Recon-ng, theHarvester, Subfinder, dotdotpwn, Xenotix XSS Framework, Hydra, CMSmap, and WPScan.
  • Hands-on experience with VirtualBox, VMware, UTM, and Parallels.

Certification

Certification of Advanced Penetration Testing Engineer from Infosec.

Additional Information

  • Found XSS by generating a payload with event handlers such as the onmouse() tag.
  • Found an IDOR vulnerability with the id parameter of the URL as an injection point. It led to horizontal escalation and the ability to log in to other users' accounts with the same degree of capabilities.
  • Error messages on the web server are shown, i.e., potentially exposed file paths and version information, leading to security misconfiguration.

Languages

English
Native or Bilingual
Hindi
Advanced (C1)