My Project - Banking - 2011 - 2014

Refined web application scanning process for the dynamic scan project, creating awareness with all departments and knowledge sharing with SOC team.
Performing Web Application Assessments on Internet facing and internal applications in production and acceptance environments. Identifying qualitative risk and vulnerabilities utilizing automate tool (HP WebInspect) and manual verification of findings (Open-source tools, protocol analysis). Compile business impact analysis reports (performance impact from an infrastructure point of view) for highly sensitive business applications.
Architectural review of applications and infrastructure to identify vectors of attack and attack surface or vectors. Coordinating scans with stakeholders (communication with developer teams, project management, application owners, assisting to define scope, identify threats and attack vectors, review of processes tasks in the applications, estimate a schedule, change control process if required), scan execution, analysis, elimination of false positives and report delivery.