Wasim Halani currently serves as a Senior Security Analyst in the Technical Assessment team at NII Consulting. His work mainly focuses on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients. He has also handled some of the unique projects at NII over the past two years, like Social Engineering, Wireless Network Assessments, WAP Service testing and KIOSK Risk Assessment.
He possesses strong analytical skills and likes to keep himself involved in learning new attack vectors, tools and technologies, which allow him to conduct in-depth testing of applications during a penetration testing exercise.
During his free time, he likes to research on advance topics like Malware Analysis and Exploit Development.
He is a Certified Professional Hacker (CPH) and also provides training services at NII.
Over the past two years, Wasim has been exposed to a variety of different applications and network environments which have helped him enhance his understanding and technical skills.
While conducting security assessments, Wasim has familiarized himself with many of the popular tools available. Few tools he regularly uses are:
Wasim also has experience with the following Programming Languages
Multiple projects involving testing of web based as well as client-side trading applications used by prominent Stock Exchange Brokers in India and Middle-East
The project involved reviewing the security issues associated with a VPN implementation a client had done for their employees.
The project involved assessing the risks to a deployed KIOSK environment. The assessment was performed keeping in mind the PCI DSS requirements. As part of the project we also demonstrated to the client loopholes in their network, system and application configurations.
A full-fledged project which dealt with extracting the client’s confidential data by abusing the trust of its employees. The project involved unique attack vectors like Phishing, Client-side attacks, Dumpster-diving, Social-Networking etc.
An internal application used by a prominent bank was to be tested for web application and business logic flaws. The project involved testing of the application based on multiple roles (Maker, Verifier, Authorizer) involved in a banking transaction.
The project involved auditing the wireless network implementation at a client’s office. We tested the wireless configuration as well as wireless range exposure around the office premise.
Multiple projects involving the audit of the Firewall configuration and rule-base.
An assessment was conducted of the overall design of the client’s network infrastructure.
The project involved testing a social networking website popular in India. The application was tested for web application flaws as well as business-logic flaws.
The project involved testing the security of mobile based application (WAP Portal) developed by a client.
This course goes deep down into depths of networking, systems, web applications, actual exploitation & helps beginners to take their confident first step towards information security field.