Security Tester

Burp Suite, Penetration Testing, Exploitation

Work Experience Overview

This role focused on conducting comprehensive security assessments of web applications at King's College London. Working as part of a specialised penetration testing team, I identified vulnerabilities, developed exploit proof-of-concepts and documented findings to improve the overall security posture of critical systems.

As part of the Cybersecurity Evaluation Team at King's College London, I was responsible for executing methodical security testing on multiple web applications. This project-based position involved working with industry-standard testing tools and applying systematic approaches to vulnerability discovery and exploitation.

Key Outcomes

  • Discovered and documented 14 critical security vulnerabilities across 10 different web applications
  • Developed a standardised security testing methodology that significantly improved assessment efficiency
  • Achieved 100% success rate in bypassing client-side security controls during authorised penetration tests

Key Responsibilities

  • Conducted systematic penetration testing on web applications to identify security vulnerabilities
  • Performed in-depth analysis of application security issues including authentication bypasses, injection flaws, and cross-site scripting
  • Documented detailed proof-of-concept exploits for identified vulnerabilities
  • Implemented structured security testing methodologies and workflow processes
  • Utilised specialised security testing tools to simulate real-world attack scenarios
  • Created detailed technical documentation of discovered vulnerabilities

Technical Achievements

Critical Vulnerabilities Discovered

Through rigorous testing and creative exploitation techniques, I identified several high-severity security weaknesses that could have resulted in unauthorised data access, privilege escalation, and potential system compromise.

  • Successfully identified and exploited multiple security vulnerabilities across ten different web application systems
  • Developed custom exploitation techniques for bypassing client-side security controls
  • Conducted SQL injection testing resulting in database access control bypass
  • Discovered and exploited insecure direct object reference vulnerabilities
  • Performed cookie manipulation to achieve unauthorised access to protected resources
  • Developed and executed shell injection attacks against vulnerable server components
  • Reverse-engineered compiled applications to identify hidden functionality and security flaws

Technologies Used

Burp Suite
Command Line Tools
SQL Injection Techniques
Python Scripting
Wireshark
Decompilation Tools
Web Browsers
HTTP/HTTPS
Cookies & Sessions
Web Application Frameworks

Experience Impact & Reflection

This role significantly enhanced my practical application security testing skills and provided hands-on experience with real-world security vulnerabilities. The structured reporting process also improved my ability to document technical security issues in a clear, actionable manner for development teams.

Working with the Cybersecurity Evaluation Team at King's College London provided valuable experience with modern web application security assessment techniques and vulnerability exploitation. The knowledge gained from this experience has directly contributed to my expertise in security testing and vulnerability assessment.

The methodologies implemented during this project demonstrate my ability to:

  • Apply systematic approaches to security testing and vulnerability discovery
  • Develop custom exploitation techniques for identified security weaknesses
  • Balance thorough security testing with responsible disclosure practices
  • Document technical security issues in a clear, understandable format
  • Work effectively in a structured security assessment environment