· Experience in manual penetration testing of web applications, APIs & networks
· Strong knowledge of security vulnerabilities (OWASP Top 10) & detailed knowledge of common web application attack vectors such as XSS, session management issues, CSRF, buffer overflows, etc.
· Applicable knowledge of operating systems like Windows, Unix/Linux systems, Xen, and cloud technologies such as AWS or Azure
· Knowledge of the C, Perl and Python programming languages and of shell scripting for security test automation and tool development
· Automate penetration and other security testing on networks, systems and applications
· Application protocol knowledge: HTTP, FTP, DNS, SMTP, SSL/TLS
· Knowledge of fuzzing protocols
· Advanced TCP/IP and OSI stack knowledge
· Usage of tools like Hping, Nessus, Nmap, Burp Suite, and other security testing related tools
· Experience in automated application vulnerability scanners (AppScan, WebInspect, Burp Suite, Qualys, etc.)
· Develop and maintain security testing plans
· Should be used to researching the latest security best practices, new threats & technologies and incorporating that new knowledge into your ongoing security testing process