WHAT DO I DO

Experience

SECURITY RESEARCH ASSISTANT

MADIBA SECURITY RESEARCH GROUP - CIISE
JANUARY 2022 - PRESENT

Examined mini-app-to-super-app authentication issues caused by insecure development practices and weak security design enforcement in major app-in-app ecosystems, and identified 36,425 such WeChat mini-apps and 112 such Baidu mini-apps.

Designed and developed an automated, Python-based hybrid framework to identify hard-coded secrets in mini-apps statically and to determine the accessibility of the corresponding super-app's server-side APIs dynamically.
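As an added illustration of the static half of such a framework (editor's example, not the author's framework or any WeChat or Baidu tooling): the scanner below walks a source file for string literals assigned to identifiers, flags them either because the identifier names a credential or because the value has the length, character set and entropy of an opaque key, and keeps the two signals apart because public values such as an app ID trip the entropy heuristic. The credential name list and the sample mini-app source are constructed for the example; the dynamic check against a real super-app's server-side APIs is not reproduced here.

```python
"""Static detection of hard-coded credentials in mini-app source (added example)."""
import math
import re
from collections import Counter

# Constructed sample input standing in for one mini-app source file. It is not
# taken from any real mini-app: the identifiers and values are made up.
SAMPLE_SOURCE = r'''
const config = {
  appId: "wx1234567890abcdef",
  appSecret: "a1b2c3d4e5f60718293a4b5c6d7e8f90",
  apiBase: "https://api.example.com/",
  version: "1.0.3",
};
'''

# Identifier names that usually carry a credential (assumption: an illustrative
# list, not the one used by any particular scanner).
SECRET_NAMES = re.compile(
    r"^(app[_-]?secret|secret(_?key)?|api[_-]?key|access[_-]?token|password)$",
    re.IGNORECASE,
)
# `key: "value"` or `key = 'value'` with a single-line string literal.
ASSIGNMENT = re.compile(
    r"(?P<key>[A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*(?P<q>[\"'])(?P<value>[^\"']*)(?P=q)"
)
# Values shaped like an opaque token rather than a URL, version string, etc.
TOKEN_SHAPE = re.compile(r"^[A-Za-z0-9_\-]+$")


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's character distribution."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def find_hardcoded_secrets(source: str, min_len: int = 16, min_entropy: float = 3.0) -> list:
    """Return one dict per suspicious string literal, in source order.

    confidence "high": the identifier itself names a credential.
    confidence "low":  only the value's shape (length, charset, entropy) looks
                       like a key; public identifiers such as an app ID trip
                       this heuristic, which is why the signals stay separate.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in ASSIGNMENT.finditer(line):
            key, value = m.group("key"), m.group("value")
            by_name = SECRET_NAMES.match(key) is not None
            by_shape = (
                len(value) >= min_len
                and TOKEN_SHAPE.match(value) is not None
                and shannon_entropy(value) >= min_entropy
            )
            if by_name or by_shape:
                findings.append({
                    "line": lineno,
                    "key": key,
                    "value": value,
                    "entropy": round(shannon_entropy(value), 2),
                    "confidence": "high" if by_name else "low",
                })
    return findings


if __name__ == "__main__":
    for f in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {f['line']}: {f['key']} ({f['confidence']}, entropy {f['entropy']})")
```

On the constructed sample the scanner reports the appSecret literal as a high-confidence finding and the appId literal as a low-confidence one; only the former would be worth carrying into a dynamic check, which is the reason for ranking rather than merely listing matches.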

Published an academic research paper, "Measuring the Leakage and Exploitability of Authentication Secrets in Super-apps: The WeChat Case", in the ACM proceedings; accepted for presentation at the top-tier security conference RAID'23 in Hong Kong.

Identified 3,000+ vulnerable NPM packages by statically analyzing their code for security vulnerabilities according to industry best practices and standards such as OWASP, CWE and CVSS; responsibly disclosed the findings to the developers and reported CVEs.

Reverse engineered and analysed the network traffic of 15 stalkerware mobile applications (Android) and their web interfaces to identify the related security and privacy issues.

Participated in weekly seminar discussions, presenting and analyzing crucial aspects of top-tier academic papers.


SYSTEM SOFTWARE ASSOCIATE PROGRAMMER

SERENDEBYTE - TTEC
OCTOBER 2019 - NOVEMBER 2021

Industry verticals: Underwriting Insurance Framework, Sales Automation, Marketing, Government Platform, Education, and Customer Service.
Worked on: managing the access control and authority matrix of the applications, at both the end-user and the administrator level.

Trained a 6-member development team on secure coding practices, led the team in designing and implementing security features such as PGP encryption/decryption, JWT, and multi-factor authentication in web applications, and performed code reviews.

Implemented secure payments using payment gateways such as GlobalPay and Stripe.

Collaborated with OneSpan to securely integrate E-Sign functionality and OneLogin SSO into the web applications.

Implemented Pega Call for CTI for both chat and telephony conversations to improve contact center operations; configured call treatments, screen pops, and asynchronous API calls for agent chat (AWS, Cisco, Genesys).

Improved the accessibility of the application.

Localized the application into different languages, making it region-specific.


INTERNSHIP TRAINEE

SERENDEBYTE - TTEC
JULY 2019 - SEPTEMBER 2019

Industry verticals: HRD Framework.
Worked on: automatic replies to incoming emails using an Email Listener, case creation, and case management.

Managed the application's compliance with the company's and client's cybersecurity policies, best coding practices, and quality assurance.