My name is Rajganesh Pandurangan and I am the creator/developer of Web Attacks and Exploitation distro (WAED). WAED was born to have a platform where users can test their web application penetration testing skills in a safe and legal environment.
A resourceful, self-motivated, results driven Senior Security Consultant with a career spanning over 15 years of progressive experience. Possessing valuable transferrable skills including outstanding interpersonal relationships and results-driven success across a multitude of Fortune 100 companies. Areas of expertise include securing web applications, securing mobile platforms, designing security savvy products tailor made to cater to client’s needs, securing and implementing networks of various size. Possesses exemplary planning skills and accustomed to working under considerable pressure, remaining calm and prioritizing wisely.
- Delivered several million dollars of security services and technology for clients in the financial, retail, healthcare, manufacturing, and utilities sectors.
- Performed security code reviews and application risk assessments for customer facing applications at Fortune 100 companies. Audited applications written in multiple languages, including Java/JSP, C#, C/C++, PHP, and Classic ASP.
- Web Penetration testing to prove Software Security Vulnerabilities with IBM AppScan, Burp Professional, Paros and Manual Fuzzing and Penetration Testing with AppScan and Firefox plug-ins.
- Trained, documented and advised application developers in regards to security risks, secure coding best practices, with practical remediation guidance provided to developers.
- Drove the adoption of security scanning tools for both development and production use. Tools utilized: Qualys and IBM Rational AppScan.
- Located and helped remediate Software Security Vulnerabilities including credit card numbers and social security numbers, SQL injection, Cross Site scripting, Stored Cross Site Scripting, Buffer Overflows, Improper use of Cryptography, Malicious code and various other vulnerabilities.
- Trained developers to write secure code using the OWASP software security testing guide.
- Found Software security vulnerabilities for clients including: SQL injection, XSS, Cross Site Request Forgery and multiple other vulnerabilities.
- Tested over a thousand Fortune 100 web applications for security issues; tested top company external and internal and penetrated into systems.
- Participated in many PCI Assessments for many small, large and multinational companies and performed gap analysis, consultation, and development of customized solutions.
- Performed numerous onsite and remote security consulting including penetration testing, application testing, web application security assessment, code reviews, onsite internet security assessment, social engineering, and wireless assessment.
- Outstanding background in information systems for successfully identifying risks and implementing security solutions for wide range of projects and clients.
- Introduced security risk assessment and threat modeling techniques into the organization.
- Acted as technical authority on security for numerous RFPs and during contract negotiations.
- Strong application of best-practice methodologies in development and integration of hardware/software, security incident, risk management, audit requirements, and technical security assessments across an enterprise infrastructure.
Offensive Security Certified Professional (OSCP
Certified Ethical Hacker (CEH)
Certified Information Systems Security Professional (CISSP)
Microsoft Certified Solutions Developer