Sudeep Lamsoge

Hey there,

I'm Sudeep Lamsoge, a passionate associate Security Consultant, cybersecurity researcher, and exploit enthusiast with over 3 years of hands-on experience breaking, testing, and securing systems.

Skills :

  • Network Infrastructure Security 
  • Mobile Application Penetration Testing 
  • Automated Scanner Development 
  • API Penetration Testing 
  • Vulnerability Assessment and Penetration Testing (VAPT) 
  • Web Application Security 
  • Reconnaissance and Footprinting 
  • Social Engineering Configuration and Code Review 
  • OWASP Top 10

Experience :

Associate Security Consultant 

@Securelayer7, Pune July 2022 - Current (Remote)

  • Worked on security assessments for clients in a variety of industries, including fintech, healthcare, and e-commerce, and delivered significant discoveries and suggestions. 
  • Reported 300+ vulnerabilities, including those of critical, high, medium, and low severity, providing actionable information for enhancing security posture. 
  • Performed security assessments for 200+ projects across healthcare, e-commerce, and other industries, ensuring compliance with industry standards like OWASP Top 10 and OWASP API Security Top 10. 
  • Evaluated application security to discover design flaws and misconfigurations through comprehensive assessments and adherence to secure development standards. 
  • Conducted API security testing to detect authentication issues, authorization bypasses, and data exposure risks in line with OWASP API Security Top 10 guidelines.
  • Performed network penetration tests for internal and external infrastructures, identifying misconfigurations and ensuring alignment with security best practices. 
  • Assessed mobile applications using MASVS (Mobile Application Security Verification Standard) to evaluate storage, cryptographic implementations, and API security. 
  • Reviewed source code using SAST and DAST methodologies to identify insecure coding practices, runtime vulnerabilities, and critical flaws. 
  • Delivered training sessions on web application security best practices, focusing on publicly available CVEs and educating internal teams on the latest vulnerabilities and attack methodologies. 

Intern Security Consultant 

@Securelayer7, Pune Jan 2022 - July 2022 (Remote)

  • Contributed to research-driven security assessments for diverse projects, focusing on web applications, APIs, and network infrastructures across multiple industries. 
  • Conducted detailed vulnerability research on web application and API security, discovering possible vulnerabilities by examining security frameworks, OWASP standards, and known exploits.
  • Assisted with penetration testing for web applications and APIs, utilizing industry standards such as OWASP Top 10 and OWASP API Security Top 10 to discover vulnerabilities such as authentication problems, data exposure, and unsecured communication.
  • Contributed to network penetration testing by investigating common network vulnerabilities, misconfigurations, and exposure points, and simulating real-world attack scenarios using threat intelligence and industry best practices.
  • Supported the writing of comprehensive reports by documenting vulnerabilities and making remedial recommendations based on research and security assessments. 

Activities :

  • Active participation in various Capture the Flag (CTF) events and platforms to enhance skills and learn new techniques and attack vectors. 
  • Deliver sessions on career opportunities in cybersecurity at multiple colleges. 
  • Posted multiple write-ups/walkthroughs on several vulnerabilities and web application challenges. 
  • Delivered a talk and wrote a blog on the well-known CVEs: PhpMyAdmin 4.8.1 RCE Vulnerability (CVE-2018-12613) and WonderCMS 3.1.3 Vulnerable to Authenticated SSRF (CVE-2020-35313). 
  • Completed the "Practical Ethical Hacking - The Complete Course" provided by TCM Security, with a certificate. 
  • Completed the Certified AppSec Practitioner (CAP) exam organized by The SecOps Group. 
  • Completed a two-month internship at the Gurugram Police Cyber Cell, gaining foundational knowledge in various cybersecurity domains with Certification. 
  • Developed an XSS Finder tool designed to automate the detection of cross-site scripting vulnerabilities, enhancing web application security. 

Education :

Bachelor's Degree of Engineering - Computer Science and Engineering (CSE) - P.E.S. College of Engineering, Aurangabad

Diploma Polytechnic - Computer Science and Engineering (CSE) - SBNM Polytechnic College, Aurangabad.



