User:Gandhiasrn

I am a Techical Lead working with McAfee (Information Security Space) for the last 5 years. Prior experience includes working with Client Microsoft, Wipro technologies, MBT establishing a Vulnerability Accessment Center with Common Criteria and SSE-CMM guidelines, auditing British Telecom Network, Microsoft Source code towards secuirty aspects and Signingoff towards Security aspect for all products that gets released by Microsoft to the Public. Conducting External & Internal Network Enumerations on the production builds.

I have been involved in the Information Technology industry for more than 13 years. My focus has been in application security including testing, code reviews, design reviews, Penetration testing and training. My background in web application development and automation helps stakeholders to find secure flaws and making the code complete. I has a M.B.A. in Finance and a M.I.E in Computer Science & Engineering.

Few of the key responsibilities includes...

- Proving technical expertise and support in the performance of architecture and application risk assessments for IT developed applications and third-party solutions

- Review new and existing applications for security vulnerabilities

- Perform penetration tests and vulnerability assessments of IT applications and websites

- Coordinate testing efforts with the IT Security Assurance Team

- Enforce the secure QA coding process

- Primary liaison between IT QA, IT Security Assurance, and IT application development to ensure all IT developedapplications and websites adhere to secure code standards

- Document the results of assessments and coordinate with the IT Security Assurance Team to driverecommendations to remediation

- Recommend application security tools and techniques for implementation in the QA process

- Participate in research and provide recommendations for continuous process improvements--

- Write security test plans and test cases for each assigned project

- Provide training to other QA and Development personnel to improve their security awareness and education

OWASP contributions

 * Project Contribution: ASDR Participation; Funded by OWASP for Portugal Summit 2008 as Special Contributor; Participating in Local Charters (Bangalore) as well as Local Charters (Hyderabad) and Encouraging Knowledge sharing sessions in Information Security and OWASP Top 10 importance in IT
 * Release Contribution: ASDR Participation; Funded by OWASP for Portugal Summit 2008 as Special Contributor
 * Committee Membership: OWASP India Charter (Bangalore); OWASP India Charter (Hyderabad); Participated in OWASP Bangalore Charter meetings and sharing the knowledge through Nul conferences; Encouraging IT to follow OWASP Top 10 as part of PCI Compliance;Applied & Recommeded by OWASP member to join in OWASP Projects & Tools Committee;http://www.owasp.org/index.php/Global_Projects_and_Tools_Committee_-_Application_1

[mailto:gandhiasrn@yahoo.com Email address]

Wiki contributions.