Haresh Babu K
About Candidate
Application Security Engineer with 4.9 years of experience securing web, mobile, API, cloud, and network environments across pharmaceutical, retail, and finance domains. Proficient in Secure SDLC, Vulnerability Assessment & Penetration Testing (VAPT), and DevSecOps with expertise in OWASP Top 10, SAST, DAST, SCA, and cloud security best practices. Skilled in threat modeling, secure code reviews, API security testing, and risk assessment. Experienced in using industry-leading tools such as Burp Suite Pro, Nessus, OWASP ZAP, Veracode, Fortify, Metasploit, MobSF, and AWS CLI. Strong track record in identifying and remediating high-risk vulnerabilities, implementing security controls, and aligning solutions with compliance standards like PCI-DSS, HIPAA, and ISO 27001. Holds CEH and (ISC)² Certified in Cyber Security certifications, with a Master’s in Advanced Cyber Security from IIIT Bangalore.
Education
Advanced Cyber Security
Computer Science and Engineering
Work & Experience
Led SAST, DAST, and SCA security assessments for critical web and API applications, proactively identifying and mitigating vulnerabilities aligned with OWASP Top 10 standards.
Discovered and remediated high-risk issues including SQL Injection, XSS, CSRF, and Broken Authentication, reducing exploitable attack vectors across multiple products.
Conducted TPS and CVE analysis for open-source/vendor products, ensuring compliance and minimizing third-party security risks.
Performed infrastructure and network security assessments using Tenable Nessus, eliminating misconfigurations and outdated service exposures.
Integrated security checkpoints into the SDLC, leading project security reviews, requirements validation, and design analysis in early development phases.
Authored detailed risk-rated vulnerability reports with actionable remediation steps and verified fix effectiveness through retesting, enhancing security posture across teams.
Executed Vulnerability Assessment & Penetration Testing (VAPT) for web, API, and database layers using Burp Suite Pro, HCL AppScan, OWASP ZAP, Nmap, Nessus, and SQLMap, uncovering and remediating critical security flaws.
Conducted mobile application security testing with MobSF, Frida, JADX, and APK Tool to detect insecure data storage, code tampering, and reverse engineering risks.
Performed dynamic analysis to uncover API key leakage, encryption weaknesses, and authorization flaws, improving application resilience against advanced threats.
Led network security assessments using Wireshark, Nmap, and Metasploit, identifying misconfigurations, weak protocols, and exploitable services.
Reviewed AWS cloud configurations via AWS CLI to secure EC2 instances, IAM roles, and S3 storage policies.
Delivered PCI-DSS-compliant remediation reports with proof-of-concepts, enabling a banking client to eliminate high-risk vulnerabilities and achieve certification.