hirist

Job Description

Description :



Skills required :


- In-depth knowledge of OWASP Top 10, SANS Top 25, and secure coding practices

- Strong experience with manual and automated penetration testing of web, mobile, and API applications

- Proficient in identifying authentication, authorization, input validation, session management, and business logic flaws

- Ability to exploit and validate vulnerabilities, including XSS, SQLi, IDOR, SSRF, CSRF, etc.

- Perform and report on web application security configuration audits and vulnerability assessments.

- Develop and execute test cases based on application business requirements, and perform application security testing.

- Understanding of web technologies (HTML, JavaScript, HTTP/S, REST APIs)

- Familiarity with programming languages like Java, Python, .NET, PHP, JavaScript, or Node.js for secure code review.

- Ability to define and recommend web application security best practices for various scripting.

- Ability to understand application design, architecture and Secure SDLC.

- CEH, OSCP or other security-related certifications are preferred.



Static & Dynamic Scanning Tools (DAST/SAST) :



Working knowledge of :

- SAST tools (e.g., Fortify, Checkmarx, SonarQube)

- DAST tools (e.g., AppScan, Netsparker, Acunetix)

- Dependency Scanning (e.g., Snyk, Black Duck, OWASP Dependency-Check)

