Taufiq Ali


Taufiq Ali is a Lead Security Programmer, Vulnerability Assessor, and Penetration Tester at NII. He is also a Certified Ethical Hacker, and has performed vulnerability assessment and business logic penetration testing for some of NII’s premier customers. He has consistently impressed clients with his ability to think out of the box and creatively attack systems and applications. He is well versed in methodologies such as OWASP and OSSTMM.

He currently serves as Lead Security Programmer and Security Analyst at NII Consulting, focusing on Product Design, Penetration Testing, Vulnerability Assessment, and R&D.

His technical abilities span a very wide range of technologies across networks, operating systems, databases, web servers, and applications; however, his specialization is web applications, research on new hacking tools, writing scripts, etc. He possesses strong analytical skills and is a part of the research activities undertaken at NII. He now also leads various infosec projects at NII.

Profile
Educational Qualification
  • Master's Degree in Computer Science (Advance)
    University of Mumbai, India
  • Bachelor's Degree in Computer Science
    University of Mumbai, India
Certifications
  • Certified Ethical Hacker (EC-COUNCIL)
Detailed Experience & Expertise
  • Application Security
    • Expertise in vulnerability assessment, penetration testing, and web application testing
    • Well-versed with the Open Web Application Security Project Top Ten security vulnerabilities.
  • Network Security
    • Worked on security for a range of operating systems, databases, web servers, mail servers, directory services and applications
    • Experience with an extensive range of security systems and solutions.
    • In-depth knowledge of TCP/IP fundamentals
Technical Skills
  • Operating Systems: Windows 9x/NT/2000/XP/2003/2008/Vista, Linux, UNIX
  • Servers: Domain controllers (Active Directory), DNS (Microsoft DNS, BIND), DHCP, Mail Servers (QMail, Microsoft Exchange, Sendmail), Web Servers (Microsoft IIS, Apache), FTP (Microsoft FTP, vsftp, wu-ftp), Proxy Servers (Microsoft ISA, SQUID), File Servers (Microsoft built-in, SAMBA)
  • Databases: MS-SQL, Oracle, MySQL, IBM DB2
  • Network components: Firewalls, Routers, VPN, Switches, WLAN access points
  • Security tools: Nmap, Nessus, Fport, Ethereal, Hping, tcpdump, whisker, nikto, WebGoat, SARA, Netcat, Superscan, Snort, firewalk, Achilles, brutus, Paros, HTTPrint, WinHTTrack, Sam Spade, Cain and Abel, L0phtCrack, Crack, WEPCrack, Kismet, forceSQL, SQLPing, John the Ripper, Dsniff, windump, Xavior etc.
  • Languages: C, Shell Scripting, VB6, C, Core Java, Advanced Java, Lisp, SQL, HTML, DHTML, XML using CSS and XSL style sheets, ASP & JavaScript
Tools Developed
He is a Lead Security Programmer at NII. He leads the development of the following products at NII: AuditPro Enterprise and Firesec.
Business Skills
  • Communication and Interpersonal
    • Good communication skills by virtue of being an alumnus and conducting workshops and demonstrations at various seminars
    • Experience in product development and client interactions. Experience in leading a team and dealing with senior and middle management, system administrators, auditors, clients, customers, etc. Very strong commitment to quality of deliverables
Significant InfoSec projects
  • Penetration Testing (Web Application and Network) for:

    • One of Australia’s largest BPO
    • Multiple websites tested for a website development firm across a broad range of technologies
    • Three largest medical centers in the US
    • Leading online merchandise
    • Leading matrimonial website in India
    • Fully fledged online astrology service provider
    • Online Mobile Telecom Solutions Company
    • An online e-cargo, Home and Travel Insurance business application
    • Online real-estate service
    • Popular social networking site in India
    • One of the largest search engines in India
    • Leading health care companies in the US
    • One of the leading insurance companies in the UK
    • One of the largest banks in Japan
    • Well-known payment gateway
    • Leading WAP websites of a matrimonial portal
    • One of the bigwigs of the airline industry
    • India’s largest private banking firm
    • India’s largest online trading org (Project Lead)