Preparing 20 questions about software security for a written exam

Hi, i hope you will be doing well. I can create questions with answers you mentioned in the decription. Lets discuss.

Hello , I'm an Offensive Security Certified Security Researcher and have strong background in all sort of Security and related terms in practical as well as theory . I'm highly interested to know about the question and what is the deadline of deliveries for these questions please let me know? Will be waiting for your response! Best Regards, Jai

Have 5+ years of experience in both black box and white box testing penetration testing. Perform VAPT(Vulnerability and penetration testing) services like Web-Application penetration testing; System Application penetration testing; Mobile application penetration testing; Network application penetration testing; social engineering penetration testing etc. Conduct penetration testing in a systematic approach. Follow the standard methodology of the industry like OWASP Testing Guide v4(OTGv4) ; SANS top 25; NIST SP 800-115; PCI DSS to perform penetration testing so that client can concentrate on their professions without worrying about security threats. Web Application Testing: Do web application penetration testing with the latest methodology like OWASP Top-10, SANS Top-25. Perform both manual and automated penetration testing for vulnerabilities like Injection flaws(such as SQL, NoSQL, OS, and LDAP injection etc),Broken Authentication, Sensitive Data Exposure,XML External Entities (XXE), Broken Access Control,Security Misconfiguration, Cross-site scripting(XSS), Insecure Deserialization, Using Components with Known Vulnerabilities,Insufficient Logging & Monitoring. Also perform source code reviews for many technologies like java, .NET, PHP etc. Approach for Manual Web-Application Penetration Testing: Conduct manual testing with following controls: * Configuration and Deployment Management Testing * Identity Management Testing * Authentication Testing * Authorization Testing * Session Management Testing * Input Validation Testing * Testing for Error Handling * Testing for weak Cryptography * Business Logic Testing * Client Side Testing Tools that use for Automated Web Penetration Testing: Acunetix, Burp-Suite, Netsparker, Nexpose, Nikto, IBM Appscan, HP fortify, W3af etc. Network penetration testing:Provide Network Penetration Testing so that your Network Infrastructure is secured from the real world attacks. Do both manual and automated network penetration testing. Approach for Manual Network Penetration Testing: Manually check for IDS/IPS, Server, Networks switch, Network Router, VPN, Firewalls, Anti-virus,Password etc. Tools that use for automated network penetration testing: OpenVas, Wireshark, Nessus, Metasploit, Armitage, Scapy etc.

A proposal has not yet been provided

You'll get your questions by tomorrow same time. Relevant Skills and Experience I have worked on project related web site testing recently.

Hi, I am Max from Argentina. I am a security researcher and pentester. I have a lot of experience in web application. I am developer too. The combination of developer + pentester results in the best security specialist, because he can identify security issues, and programming issues that can be driven in security issues. In my career I have created a lot of tools, (you can check them in my github), I have been speaker in security conferences (OWASP), and I have been participated in a lot of projects in Deloitte company, like social engineer projects, red teaming, physical access, etc. I love web pentesting. I am a bug bounty hunter, If I am selected, I will use my advanced knowledge to writte the questions. I am teacher assistant, so i have a lot of experience. I have been participated in a lot of training (i have been the teacher in the trainings). For example, now i am in Mexico city, in a training for the Scotiabank staff.

I'm currently employed as a Security Analyst in a financial organization and am heavily involved in the Cyber Security Field. Please contact me so we can have this done in no time.