Internship ppt

Transcript

1. T.Y. CSE. SGU Internship Report Pratik Gaikwad A18

2. WhoMI Pratik Gaikwad Application Security Engineer Lead Pentester Cobalt Core

   Part time Bug Bounty Hunter

3. All About Pristine Infosolutions Pristine InfoSolutions is a global IT

   services and Information Security Company headquartered in Mumbai, India focused on delivering smart, next- generation business solutions that help enterprises across the world to overcome their business challenges. The Company offerings span IT Outsourcing Services, Systems Integration, IT Support, IT Infrastructure Management, IT Security and Audit Services, Cyber Crime Investigations and the entire spectrum of IT Security Trainings. With impeccable expertise and technologies, Pristine InfoSolutions is committed to deliver the most competent IT solutions to serve its client needs and expectations worldwide.

4. Product and Services Highly customizable Web Applicarions Corporate Trainings Consultancy

   Incident Reponce Tracking Security Audit

5. Role and Responsibilities Pentesting Web Applications -Finding bug in web

   application and make report for same - Checking Web applications for newly added CVE's Cloud Security Reviews - Check IAM Roles and Permissons - Implementing Security for Applications using CDN and Firewall

6. - AWS CLoud - API Security - Thick Client Security

   Assessment Major Learning AWS Compute Service – EC2 Auto Scaling Load Balancers Virtual Private Cloud AWS Storage Service – S3 AWS Cloud formation AWS Elastic Beanstalk AWS SES & SQS API Security Top 10 Vulnerabilities of API listed by OWASP Broken Access Controls in API Security Misconfigurations in API Sensitive Data Exposure in API Security Assessment of API Thick Client Security Assessment Client Side Vulnerabilities in Thick Client Recon of Thick Client for Pen testing File and Binary analysis DLL Hijacking in Thick Client Server Side Attacks in Thick Client

7. 1. SIEM [Security information and event management] 2. Cloud Architecture

   for Web Application 3. Cloud Architecture for ASG[Auto Scaling Group] Projects
8. None
9. None
10. None

11. After complete my industrial training, I had been exposed to

    Application Security Engineer and Cyber Security Analyst working life. Throughout my internship, I could understand more about the definition of an Application Security Engineer and Cyber Security Analyst and prepare myself to become a responsible and innovative Application Security Engineer and Cyber Security Analyst in future. Along my training period, I realize that observation is a main element to find out the root cause of a problem. Not only for my project but daily activities too. During my project, I cooperate with my colleagues and operators to determine the problems. Moreover, the project indirectly helps me to learn independently, discipline myself, be considerate/patient, self-trust, take initiative and the ability to solve problems. Besides, my communication skills is strengthen as well when communicating with others. During my training period, I have received criticism and advice from engineers and technician when mistakes were made. However, those advices are useful guidance for me to change myself and avoid myself making the same mistakes again. Conclusion

12. Regards, Pratik Gaikwad A18