Application Penetration Testing

Required Skills & Tools:

• Strong understanding of

  OWASP Top 10

  , API Security, SAST, DAST, and PT methodologies.
• Hands-on experience with tools like

  Burp Suite, OWASP ZAP, Metasploit, Nessus, Nmap, Kali Linux, Postman

  .
• Knowledge of scripting (Python, Bash, PowerShell) or coding (Java, JavaScript, .NET) is a plus.
  
• Familiarity with cloud security (AWS, Azure, GCP) preferred.
  
• Good documentation, reporting, and communication skills.

• Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs and mobile applications
• (3 to 4) or (5 to 8) or (9+ years) of professional experience in cybersecurity, with a focus on Web application penetration testing.
• Strong understanding of web applications, cryptography, various operating systems and security technologies.
• Strong understanding of exploitation of Microsoft platform used in enterprise environment such as windows Servers, Active Directory Certificate Service, Azure, etc.
• Experience in one or more of the following a plus: Web application penetration testing, mobile application penetration testing application architecture and business logic analysis.
• Relevant certifications, such as GWAPT, OSCP, OSEP, CRTP, CRTO, OSWA,
• Conduct manual and automated penetration testing for web, mobile, API, and cloud-based applications.
  
• Identify vulnerabilities including OWASP Top 10, API security, authentication flaws, and insecure configurations.
  
• Simulate real-world attack scenarios to assess risk and potential impact.
  
• Prepare detailed security reports with risk ratings, mitigation steps, and recommendations.
  
• Collaborate with developers and DevSecOps teams to validate and remediate findings.
  
• Ensure compliance with security standards such as OWASP, PCI-DSS, ISO 27001, and GDPR.
  
• Continuously research emerging vulnerabilities, exploits, and security trends.