Indhumathi

Results-driven VAPT Analyst with 1.2 years of hands-on experience in Vulnerability Assessment and Penetration Testing (VAPT), Web Application Security Testing, and API Security Testing. Skilled in identifying, validating, and reporting security vulnerabilities using tools such as Burp Suite, OWASP ZAP, Nmap, SQLMap, Metasploit, and Wireshark. Experienced in conducting penetration tests, performing security assessments based on OWASP Top 10, and preparing detailed VAPT reports with CVSS-based risk ratings and remediation recommendations.

Currently pursuing an MCA in Cybersecurity and Digital Forensics. Completed CEH v13 Training, CEH Certified, and currently pursuing CompTIA PenTest+ and CompTIA Security+. Passionate about offensive security, continuous learning in cybersecurity and strengthening organizational security posture.

Web Application - Future Internship - Bengaluru (Remote)

(2026-05)

In Progress.

• Conducted end-to-end Vulnerability Assessment and Penetration Testing (VAPT) on web applications using Burp Suite and OWASP ZAP (Active & Passive Mode); identified and validated critical vulnerabilities including SQL Injection, Cross-Site Scripting (XSS), CSRF, IDOR, and Security Misconfiguration aligned with OWASP Top 10.
• Performed REST API security testing using Postman and Burp Suite API Testing module; identified OWASP API Security Top 10 vulnerabilities including Broken Object Level Authorization (BOLA), Excessive Data Exposure, and improper authentication flaws.

Web Application Security (Intern) - Necurity Solutions - Chennai (Onsite)

(2025-05 - 2026-05)

• Conducted Vulnerability Assessment and Penetration Testing (VAPT) on 10+ client web applications and network systems using Burp Suite, OWASP ZAP, Nmap, and SQLmap; identified, validated, and documented OWASP Top 10 vulnerabilities with detailed risk ratings and remediation guidance.
• Performed manual web application penetration testing and DAST to identify SQL Injection, XSS, CSRF, IDOR, Broken Authentication, and Security Misconfiguration vulnerabilities; conducted SAST-aligned source code review to flag insecure coding patterns.
• Executed REST API security assessments using Postman and Burp Suite; identified API-layer vulnerabilities including improper object-level authorization, excessive data exposure, and insecure direct object references per OWASP API Security Top 10.
• Performed application profiling, threat identification, and attack surface mapping to prioritize high-risk areas before penetration testing engagements; delivered risk analysis reports to guide client remediation priorities.
• Prepared structured technical and executive VAPT reports with CVSS severity ratings, Proof-of-Concept (PoC) evidence, risk analysis, and step-by-step remediation recommendations for each assessed application.
• Assessed cloud security configurations across AWS and Azure environments; identified misconfigurations and supported security hardening aligned with cloud security best practices.
• Conducted network reconnaissance and service enumeration using Nmap; identified open ports, running services, and attack surfaces across target environments and documented findings for risk analysis and remediation planning.
• Followed complete VAPT lifecycle — reconnaissance, scanning, enumeration, exploitation, post-exploitation, and reporting — through PortSwigger Web Security Academy labs and real-world security assessments.
• Maintained accurate VAPT documentation, assessment records, and compliance reports throughout the engagement lifecycle; contributed to internal knowledge base with new attack techniques and tool documentation.
• Identified web security misconfigurations including missing HTTP security headers and weak cipher suites; recommended security hardening measures aligned with industry best practices.

Cybersecurity Intern - Prodigy Infotech - Mumbai (Remote)

(2025-04 - 2025-04)

• Developed Python-based security tools including Network Packet Analyzer, Password Strength Checker, Caesar Cipher, and Image Encryption utility.
• Gained hands-on understanding of network security fundamentals, packet analysis, and scripting-based security automation through practical tool development exercises.

MCA - Cybersecurity and Digital Forensics - SRM University – Kattankulathur, Chennai (2026 - 2028)

VAPT Pentester Certification Course - Vulnerability Assessment, Penetration Testing, Web Application Security - Skillogic Institution, Chennai (2025-03 - 2025-05)

BCom - Business/Corporate Communications - University Of Madras (DRBCC Hindu College), Chennai (2020 - 2023)