Contact: LinkedIn
During my internship at Agilysys, I worked in the information security and compliance team, where I developed my skills in penetration testing, network analysis and incident response using multiple available tools. Agilysys is a developer and marketer of enterprise software for the hospitality industry, and the information security team at Agilysys is responsible for the security of all its products.
My project was to learn and apply penetration testing skills on a corporate kiosk application. With hacking software available in Kali Linux, a Linux distribution specifically for penetration tests, I conducted a series of penetration tests that included network analysis, tampering with communication, and conducting active attacks using a number of tools. As a result, I was able to exploit one critical vulnerability caused by the unencrypted HTTP protocol in the application which the kiosk was running on. A number of unencrypted HTTP requests to certain API endpoints were receiving plain-text responses that contained the internal source code of the application.
This finding was formally reported to the development team for review and a fix, as any leakage of company source code can open up the attack surface for further attacks on the application and can pose a serious threat to the organization as a whole. As a result of the found vulnerability, the development team initiated the process of encrypting all traffic for communication. During this internship, I was able to gain hands-on experience in the field of information security and penetration testing, which holds tremendous importance in software development.