Claudiu Tananau

Vulnerability Assessment

• Utilized the Common Vulnerability Scoring System (CVSS) to assess and prioritize vulnerabilities in client applications.
• Conducted thorough vulnerability assessments to identify security weaknesses and potential exploitation paths.
  

Advanced Code Review

• Performed in-depth code reviews within a Static Application Security Testing (SAST) environment to detect security flaws.
• Analyzed source code for vulnerabilities such as SQL injection, cross-site scripting (XSS), and other common security issues.
  

Mitigation Recommendations

• Provided actionable mitigation strategies and recommendations to clients for True Positive findings.
• Ensured clients' applications were secure by advising on best practices and secure coding standards.
  

Manual Analysis and Custom Queries

• Manually reviewed and added security findings that were not initially detected by automated tools, enhancing the accuracy and thoroughness of security assessments.
• Created and utilized custom CxQL (Checkmarx Query Language) queries to identify complex vulnerabilities.
  

Client Collaboration and Reporting

• Communicated effectively with clients to explain security findings, the potential impact of vulnerabilities, and recommended remediation steps.
• Prepared detailed security reports summarizing assessment results, including identified vulnerabilities, risk levels, and suggested fixes.