Dharmendra Gupta

Information Security Professional

aka "DG"

About Me

Dharmendra Gupta is an information security professional working as a Senior Security Consultant at NotSoSecure. He has over 10 years of experience in application, mobile and network security.

In his free time, he likes reading books or watching movies.

Interests
  • Web Application/API Pentesting
  • Mobile Application Pentesting
  • DevSecOps
  • Infrastructure As Code (IaC)
  • Security Automation
  • Cloud Native - Kubernetes
Certification
Education
  • B.E. Computer Engineering, 2014

    Mumbai University

Experience

  1. Senior Security Consultant

    NotSoSecure

    Responsibilities include:

    • Conducted web and mobile application penetration testing for global clients, identifying vulnerabilities and improving security posture.
    • Performed technical reviews of security reports, ensuring accuracy, consistency, and adherence to industry and NotSoSecure standards.
    • Developed and led the revamp of the “Application Security for Developers” training course, managing everything from content design to client delivery.
    • Delivered on-site and virtual training on secure coding practices, teaching developers how to identify and mitigate vulnerabilities.
    • Researched and experimented with technologies like Vagrant, Docker, Kubernetes, Terraform, and Infrastructure as Code (IaC) to enhance security training content.
    • Developed methodology documents as reference materials to standardize security service delivery.
    • Assisted clients in understanding and implementing fixes for identified vulnerabilities post-assessment.
    • Co-authored a white paper on “Defense Against Client-Side Attacks,” exploring browser-based security controls as part of a defense-in-depth approach.
    • Contributed to the development of an in-house cloud enumeration tool – cloud-service-enum.
    • Created vulnerable applications and attack scenarios for NotSoSecure’s training courses, providing hands-on learning experiences for security professionals.
  2. Senior Information Security Engineer

    Altisource

    Responsibilities include:

    • Conducted comprehensive application security reviews, ensuring robust protection against vulnerabilities whenever changes were implemented.
    • Collaborated with cross-functional teams to analyze and evaluate major and minor application changes, ensuring secure design principles.
    • Performed in-depth mobile application security testing, identifying risks and strengthening defenses against emerging threats.
    • Conducted and led database configuration assessments, aligning with CIS Standards to enhance security posture and compliance.
    • Developed custom Python automation scripts to streamline security report generation, adhering to Altisource Database security standards for efficiency and accuracy.
  3. Associate Consultant

    KPMG INDIA

    Responsibilities include:

    • Engaged with customers and stakeholders to gather prerequisites for Application Security, Code Reviews, Vulnerability Assessments, and Configuration Audits.
    • Conducted in-depth discussions with application owners to understand architecture, security concerns, and business impact.
    • Developed threat profiles and mapped test cases to ensure comprehensive security coverage.
    • Executed application security test cases, identifying vulnerabilities and weaknesses across different layers.
    • Delivered detailed security assessment reports, highlighting risks, remediation strategies, and actionable insights.
    • Provided clear and practical remediation guidance, helping teams fix vulnerabilities effectively.
    • Assisted customers with security-related queries, ensuring smooth communication and resolution.
    • Enhanced the knowledge base, documenting solutions and best practices to empower other pentesters, reducing dependency on product owners and saving valuable time.
Recent Post

🎉 Bypassing SSL Pinning in a Flutter iOS Application Using Frida

Bypassing SSL pinning in a Flutter iOS app can be challenging due to custom socket connections. This post details how I used Frida and a device-wide proxy to intercept network traffic, overcoming traditional MITM limitations. Read on to see the full approach and key takeaways!