SUMMER INTERNSHIP @ HCL Technologies
Hello everyone, I am Vansika Singh, a CSE undergrad from Bennett University, Greater Noida.
This blog provides a brief overview of the work I have done over the past few months as a Vulnerability Management Intern at HCL Technologies.
About the Company
HCL Technologies, also known as Hindustan Computers Limited, is a Noida-based global provider of information technology (IT) services and consultancy. It is a top-level provider of worldwide IT services that aids in the re-imagination and transformation of organizations by utilizing digital technology.
My Work at HCL Technologies
My application for Internship was accepted in December 2021 and I started my work under the Vulnerability Management Head, Mr. Pankaj Sharma, at HCL Technologies.
What is Vulnerability and Vulnerability Management?
The First Month (December 2021) of my Internship was largely about developing theoretical knowledge of the concepts before practically implementing them. I focused on developing an understanding of some of the most prominent Vulnerability Management Tools like Qualys, SonarQube, ServiceNow, etc. I learnt about the Vulnerability Management Lifecycle.
I developed an understanding of the Top 10 OWASP Vulnerabilities and their Prevention Methods.
I developed a detailed understanding of the Types of Vulnerabilities.
During the Second Month (January 2022) of my Internship, I worked on developing a Detailed 21-Page Report on Issues with Vulnerability Remediation Tracking Process, its Impact and Solution Approach.
I studied and researched all of the steps involved in the vulnerability management lifecycle and worked with my mentor on developing solution approaches for the issues in each of those steps.
During the Third Month (February 2022) of my Internship, I worked on the project called Understanding Static Application Security Testing (SAST) — To Manually Find Defects in Insecure Web-based Applications.
This project’s Objective was to identify the most common code errors committed by web application developers, and to learn to find all varieties of vulnerabilities in an inadequately designed application, both by Manually Examining Source Code and through automated Static Application Security Testing (SAST) techniques.
I manually evaluated the source code of an insecure web application written in Java (http://demo.testfire.net/) to find the vulnerabilities and created a detailed report on how to fix and prevent these vulnerabilities.
I learned how to install and configure SonarQube, which is a tool that conducts static analysis of the source code to find vulnerabilities and bugs in order to prevent any exploitation or threats to the application the developers are working on.
I used SonarQube to find all the vulnerabilities of an insecure web application (http://demo.testfire.net/) and created a Detailed 64-Page Report on all the vulnerabilities captured and their prevention methods.
In the Last Month of my Internship, I worked on Completing a Certification Course on Vulnerability Management - Qualys. I also worked on the Final Report Submissions and Presentation.
Learnings
- Learnt about the Vulnerability Management Lifecycle and its Issues and How to Resolve them.
- Gained knowledge about the working of several Vulnerability Management Tools.
- Learnt about Applications of Static Application Security Testing (SAST) Tools.
- Manually finding Vulnerabilities in the Source Code of a Web Application.
- Configuration and working with SonarQube to Find and Analyze Vulnerabilities.
Acknowledgment
I will be eternally thankful to my mentors and instructors, without whom I would not have been able to achieve so much and have had such wonderful experiences and learning opportunities.
THANK YOU!!