Animesh Roy | Profile



Ani Roy

Animesh Roy

I am experienced in delivering training on Cybersecurity and Cloud Computing. I'm also working as a freelance cybersecurity consultant.

About Me

Ani Roy is an Application Security Researcher and Penetration Tester with more than 3 years of industry experience and good knowledge of Vulnerability Assessment and Penetration Testing across domains such as Web Applications, Mobile Applications, APIs, and Networks. He holds a Bachelor's in Technology (B.Sc) in Information Technology. He has spoken at multiple conferences, workshops and chapter meets on topics such as Metasploit, Bypassing WAF, Scoring your Organisation, Advanced Web Application Penetration Testing, Mobile Application Penetration Testing, etc., covering more than 500 members. He reported more than 30 Government websites leaking sensitive information of users and helped patch them.

Current Responsibilities
 ●  Product Security Manager - Product-based MNC (confidential).
 ●  Chapter Lead - Machine Learning for Cyber Security.
 ●  Trainer - Cyber Security and Cloud Computing.

My Experience

 ●  Presently working as a full-time trainer. Providing Training on various Cybersecurity Topics and Cloud Computing.
 ●  Good knowledge of various Security standards, methodologies and compliance frameworks like OWASP TOP10, SANS 25, PCI-DSS etc.
 ●  Has good experience in Vulnerability Assessment, Penetration Testing, Security Automation, SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools on various Technologies like .Net, Java, React JS, PHP, Python etc.
 ●  Created a Checklist for Web Application Pentest covering more than 100 Vulnerabilities and executed it during penetration testing along with OWASP TOP 10.
 ●  Performed Penetration Testing on a couple of Reputed Applications.
 ●  Good at PHP and Python Development; has developed scripts for tracking vulnerabilities during Assessments.
 ●  Knowledge of Black Box and White Box Penetration Testing Approaches.

My Skills in Various Domains of Security

Web Application Security

  • Perform Vulnerability Scans using Acunetix, QualysGuard, IBM AppScan, OWASP ZAP
  • Validate and Remove False Positives
  • Perform Penetration Testing using BurpSuite, Fuzzers, Xenotix, Custom scripts
  • Reporting, tracking the issues and bug fixing

  • March 2019 - Present

    Mobile Application Security

  • Perform Static Analysis on APK
  • Perform Dynamic Analysis on App and APIs
  • Perform Reverse Engineering on application
  • Reporting, tracking the issues and bug fixing
  • September 2018 - June 2019

    Network Security

  • Gather information and Enumerate services using Nmap
  • Perform Vulnerability Scans using Nessus, Qualys, OpenVAS.
  • Perform Penetration Testing using Metasploit Framework & Exploit-DB
  • Reporting, tracking the issues and bug fixing
  • September 2013 - June 2019

    Vulnerability Management

  • Vulnerability Assessment for 20+ Products
  • Marking Priority Issues and assign to Dev Team.
  • Track the product Security Status in dashboard

  • September 2016 - June 2019

    Security Trainings to Internal teams

  • Training developers to prevent OWASP TOP10 Security Vulnerabilities
  • Train QA Teams on how to cover Security bugs in Functional Testing.
  • Present Security awareness sessions to internal employees periodically

  • September 2015 - June 2019

    API and Integrations Security

  • Integrate all the APIs into Postman, SoapUI.
  • Perform Fuzzing on APIs to break them
  • Perform Penetration Testing on APIs

  • September 2018 - June 2019

    Periodical Security Audits and Issue tracking

  • Schedule Periodical Scans
  • Perform VA Scans and Penetration Testing Periodically
  • Log all the Scan Status in Dashboards

  • September 2018 - June 2019

    Public Speaking

  • Nullcon
  • SillyCon
  • Workshops, Guest Lectures, Seminars
  • September 2014 - June 2019

    My Recent Talks

    I have delivered sessions at conferences, workshops, chapter meets, organisations and institutions.

    Upcoming Presentations
    SillyCon (NULL+OWASP)
    KOLKATA

    Corporate Training for Foreign Delegation (SEP'19)
    CyberSecurity and Reverse Engineering

    Cyber Security for Data centre
    Reverse Engineering.

    College Workshop (26th - 30th AUG 2019)
    CyberSecurity

    Microsoft Security Fundamentals Topics based on MS98-367
    Training for College Students.

    Corporate Training (20th - 24th AUG 2019)
    CyberSecurity

    Training for New Hires in MNC Topics:

  • SDLC
  • Application Security
  • Security, Patching systems and codes.

  • Summer Internship (GUNTUR May-June 2019)
    CyberSecurity

    Internship Program

  • Live Projects
  • Ethical Hacking
  • Security, Patching systems and codes.
  • Project on Github: Link

  • State Crime Record Department, WB (March 2019)
    CyberCrime

    Workshop on Cyber Crime

  • Types of CyberCrime
  • Awareness Program for Civilians
  • Digital Forensic Investigation

  • IITM
    Cloud Computing

  • Introduction to Cloud
  • GCP
  • AWS
  • Focused on websites (webserver, DNS, backup, ELB, CDN, Security)

  • State Crime Record Department, WB
    CyberCrime

    Workshop on Cyber Crime

  • Types of CyberCrime
  • Awareness Program for Civilians
  • Digital Forensic Investigation

  • IITM Workshop
    Cyber Security Workshop : CCSA

  • Advanced Web Application Penetration Testing
  • System Security
  • Cybersecurity

  • SEP30-OCT1 Sree Vidyanikethan Engineering College (Tirupati)
    Cyber Security Workshop : C|EH

  • Advanced Web Application Penetration Testing
  • Social Awareness and best practices for Privacy
  • Live Demo on Mobile hacking, System and Bug Bounty Basics

  • SEP 2018 (SUPRAJA - GUNTUR)
    Ethical Hacking Workshop

    Real Time Cyber Attacks & Preventive Measures

    AUG-SEP 2018 (TSPA - Hyderabad)
    Cyber Security and Cyber Crime Defence

  • Advanced Web Application Penetration Testing
  • Social Awareness and best practices for Privacy
  • Live Demo on Mobile hacking

  • Feb-March 2018 (DIT - GANGTOK)
    Cyber Security

  • Advancing Mobile App Penetration Testing
  • Advanced System Hacking
  • C|EH Modules

  • Additional Talks/Open community
    SillyCon

    Presented Trainings to internal Development Teams and also to various Government Teams on Secure Coding Guidelines, Social Engineering, Cyber Security Awareness and many other topics.

    Animesh Roy


    animeshroy@live.com

    @anir0y
