Milad Fadavvi

- Mentoring customer's team(s) to build secure application and use secure environments based on OWASP SAMM, Best practices and lessons learned - Analyzes the customer's security policies and procedures.- Create detailed technical reports of security tests OWASP | PTES | OSSTMM | WASC 2.0 - R&D on open source/commercial security solutions for build indigenous appliances ELK | Sagan | Bro IPS | Snort | Splunk | Security Onion | Comodo WAF

- Execute security assessments and penetration tests: CVSS v2/v3/v3.1 | DREAD - Maintain and operate the tools, devices and lab environment needed for security tests Burp Suite (Pro/CE) | OWASP ZAP| Metasploit | Nessus | OpenVAS | Arachni | Acunetix - Responsible for the continuous development of security testing services and processes - Perform vulnerability research to identify new, previously unknown and unpublished vulnerabilities (CVE-2018-18635) : XSS (CVE-2018-17431): RCE

- Ensures that standardized methods and procedures (ITIL v3) are used for efficient and prompt handling of all incidents in order to minimize the impact of incidents upon service quality and consequently identify opportunities to improve the day-to-day operations of the organization. - Identify, initiate, schedule and conduct incident reviews. - Restore a failed IT Service as quickly as possible. - Create and submit knowledge articles.

- Perform security tests/pen-test on networks, web-based applications, APIs and operation systems. - Maintain, utilize and operate the tools, devices and lab environment needed for penetration tests (commercial and open source tools) Burp Suite (Pro/CE) | OWASP ZAP | Xenotix Framework | SqlMap | NoSqlMap | Commix | ‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌ Metasploit | Core Impact | Nessus | OpenVAS | Arachni | Acunetix | OWASP JBroFuzz - Proactively discover vulnerabilities OWASP top 10 | CWE Top 25

Web Application Security.

Information security