About

Ethical Hacker & Security Consultant.
Ethical Hacker skilled in testing Web, Mobile and Thick Client Applications, API, WIFI, and Network vulnerability assessment and penetration testing, working as a Security Consultant with a conventional and retail bank in Bahrain.
- Phone: Send a WhatsApp Message
- Bahrain: Manama
- Degree: Bachelor's in Information Technology
- Email: konkakarthik@gmail.com
As a consultant I am familiar with OWASP Web, Mobile, API Security Risks, OSSTMM, and PCI Penetration Testing Guidance. I have worked with multiple companies on projects ranging from Web, Mobile, Thick Client Application, Network, WIFI Penetration Testing and Red Teaming Assessments, including but not limited to Dubai Properties, Dubai Chambers, Ferrari World, Etisalat, DU, Ahli United Bank, Abu Dhabi Motorsports Management, Yas Waterworld, Warner Bros, ICICI Bank, Aditya Birla Group, Kony Labs.
Facts
Ranked 2nd among Mobile Security Researchers and MVP on Bugcrowd. I have found and responsibly disclosed vulnerabilities to multiple companies including but not limited to Facebook, Snapchat, Quora, AT&T, Sophos, Barracuda Labs, Netgear, Dell, Spotify, Mastercard, Tesla, Indeed, Slack, Binance, Coinbase, Freelancer, Carrefour and 100+ companies.
Web Applications Security Testing
Mobile Applications Security Testing
Network Devices/Servers Security Testing
Red Teaming Assessments: Physical Security, Social Engineering
Skills
Resume
I have participated in bug bounty programs since 2014. After completing my bachelor's, I started working with a consulting firm as a consultant.
Summary
Konka Karthik
Passionate Security Professional with 5+ years of experience in Web, Mobile, API, Thick Client Application, Network and WIFI Security Testing, and also experience in OSINT and Red Teaming Assessments.
Bug Bounties
Bugcrowd - Security Researcher
2014 - Present
Ranked among the top 150 Security Researchers, MVP, and was the 2nd-ranked mobile security researcher on the platform. I have found and reported vulnerabilities in Web and Mobile (Android & iOS) Applications, APIs and Routers (IoT devices).
Synack Red Team Member
2016 - Present
As a Bug Bounty hunter, I spend time researching and reporting security vulnerabilities.
Yogosha
2019 - Present
As a Bug Bounty hunter, I spend time researching and reporting security vulnerabilities.
Education
Bachelor's in Information Technology
2012 - 2016
Vidya Jyothi Institute of Technology, Hyderabad, IN
Bachelor's in Information Technology. Conducted a workshop on Ethical Hacking in our college, started to learn about Application Security, and reported multiple vulnerabilities to Facebook, Snapchat and other companies while I was pursuing my bachelor's.
Professional Experience
Information Security Pentester
2020 - Present
Conventional and Retail Bank, Bahrain
- As a Security Pentester, I conduct all security penetration testing and code review activities to guarantee that releases (production and pre-production) of new applications, products, functionalities, fixes and enhancements are free from security bugs and vulnerabilities. I communicate found vulnerabilities to stakeholders, help developers remediate them, and track them until remediation.
- Facilitate vendors in performing the third-party security assessments required to meet regulatory requirements.
- Conduct Security Breach drills and report gaps to the respective team.
- Well versed in the Pentest requirements of the CBB, SAMA, Tadawul and PCI DSS regulators.
Senior Security Consultant
2017 - 2020
Consulting Firm, Dubai, UAE
- Led a few projects and worked for most of the well-known companies in the UAE and GCC, including but not limited to Etisalat, DU, Virgin, Dubai Chamber, Ahli United Bank.
- Delegated tasks to the 4 members of the Assurance team and provided counsel on all aspects of the project.
- Supervised the Security Assessments conducted in order to ensure the quality and accuracy of testing.
- Managed to find multiple critical vulnerabilities and gain root access on a server within limited time as part of the Red Teaming Assessment.
Security Consultant
2016 - 2017
One of the Big Four banks of India, Mumbai, IN
- Involved in conducting pentests of Web and Mobile applications to meet Security and Regulatory requirements.
- Received accolades for finding critical vulnerabilities in applications on production.
Blog
I will share writeups of vulnerabilities/misconfigurations that I have found during my research or as part of the pentests that I have conducted to date.
- All
- Web
- Mobile
- Network/WIFI
Skills
Web Application Security Testing
Applications are tested against the OWASP Top 10 (a standard awareness document for developers and web application security) and for other misconfigurations.
Mobile Application Security Testing
Applications are tested against the OWASP Mobile Top 10 (a standard, centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications) and for other misconfigurations.
Thick Client Application Security Testing
Testing involves discovering what technologies are being used on both the client and the server sides and figuring out the application's functionality and behavior. Security flaws in these are tested and reported.
API Security Testing
API Security focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces. OWASP API Top 10 issues and other misconfigurations are tested and reported.
Network/WIFI
Identify your vulnerabilities in networks, systems, hosts, and network devices with our Network Penetration Testing services, covering NIST 800-35.
Red Teaming
As most Red Teaming Assessments are time bound, I/my team will gather footprints of the organization and try to target the weakest links in the organization using the following skills: Penetration Testing, Social Engineering, Physical Security.
Contact
Location:
Manama, Bahrain
Email:
hi@konkakarthik.com
Call:
+973 33124669