I am Ishaq Mohammed, I am working as an Application Security Engineer at AppDirect, a leading end-to-end commerce platform that helps deliver any digital service, on any device, and accelerate time to market.
At AppDirect, I am responsible for Security Engineering, Pentesting, Code Reviews and Software Composition Analysis for AppDirect products.
Prior to AppDirect, I was working as an Application Security Analyst at Qualys, a leading provider of information security and compliance cloud solutions. My role was to make sure the Qualys’s products and services are secure, safe and free from commonly seen client/server side vulnerabilities.
Prior to Qualys, I was working with SecureLayer7 Technologies, a consulting firm, doing penetration testing, vulnerability assessment,static and dynamic application security testing.
Apart from work related activities, I sometimes play ctfs on hackthebox & lab.pentestit.ru and have contributed to open source security research & DevSecOps Newsletter. I am an active participant at Null,OWASP chapter meets. I was also a part of the review team for the Free Docker Security Course
You can read about my work and learnings on my blog here
Technical Skills i possess are Vulnerability Assessment and Penetration Testing of Web Applications, Secure Code Review and Software Composition Analysis
I have some hands-on experience on tools like Burpsuite, Nmap, Metasploit, Sonarqube, Dependency-Check, Dependency-Track, Nessus, Maven, Gradle, Jenkins, Jira, Confluence, git, Github, GitLab, Bitbucket/Stash
Attributed with CVE-2017-14618, CVE-2017-14619, CVE-2017-15284, CVE-2017-15878, CVE-2017-15879, CVE-2017-16807, CVE-2017-18048, CVE-2017-18049, CVE-2019-6804 & CVE-2019-10349
I have been Acknowledged by Intel, Zenmate, Epic Privacy Browser, Eduonix, Eset, GroSum, Internshala, phpMyFAQ, KirbyCMS, SilverStripe, ProjectSend & Rundeck for finding Security Vulnerabilities in their products.
I am interested in learning various aspects of Application & Software Security, Security Automation and DevSecOps, Fuzzing and Exploit Development, and I intend to keep the list going on…