VM SecOps

Security | Pentesting | DevSecOps

Senior Security Analyst · Offensive Security

Vasu Melipaka

I help organizations strengthen their Web, Mobile (Android/iOS) and API security through deep, manual penetration testing aligned with OWASP, MASVS and PCI DSS 4.0. I focus on realistic attack paths and business impact, not just automated scanner output.

Web & API Pentesting · Mobile Security (MASVS) · PCI DSS 4.0 Aligned

Available for consulting
6+ yrs Cybersecurity · 11+ yrs IT

Profile Summary

High-impact, manual security assessments for Web, Mobile & APIs.

Who I Am

Senior Security Analyst specializing in penetration testing for Web, Mobile and API platforms. I combine offensive security techniques with a strong understanding of business workflows, helping leaders understand the real impact behind each vulnerability.

I work closely with engineering, QA and architecture teams to embed security into SDLC checkpoints instead of treating it as a last-minute approval gate.

What I Deliver

  • Evidence-backed findings with clear PoCs and reproduction steps.
  • OWASP, MASVS and PCI DSS 4.0 control mapping for compliance teams.
  • CVSS-based risk ratings with business-friendly explanation.
  • Developer-ready remediation guidance and configuration examples.
  • Retesting and closure validation for production readiness.

Pentest Snapshot

A simple view of how I track risk, coverage and delivery.

Active Engagements

3

Web · Mobile · API

Findings (Last 30 Days)

27

Across all severities

High / Critical

8

Prioritised with owners

Retest Closure Rate

92%

Confirmed and verified

Risk Coverage

  • OWASP Web Top 10
  • OWASP API Top 10
  • OWASP MASVS (M1–M10)
  • TLS / HTTP security headers
  • Authentication & session management

Engagement Style

  • Threat-driven test planning
  • Manual verification of scanner output
  • Clear separation of false positives
  • Regular touchpoints with dev & QA
  • Executive-ready summaries for leadership

Ideal Use Cases

  • Pre-production security sign-off
  • PCI DSS 4.0 readiness for web & mobile
  • New feature / release hardening
  • Independent review of internal findings
  • Executive visibility into true risk

Security Services

Web Application Pentesting

Deep testing for authentication flaws, broken access control, IDOR, session weaknesses and business logic gaps before production.

Mobile App Security

MASVS-aligned assessments for Android & iOS – storage, API usage, reverse engineering and runtime protections.

API Security

Coverage for BOLA/BFLA, JWT handling, rate limiting, replay and abuse scenarios across microservices and gateways.

DevSecOps Advisory

SAST, SCA and secrets scanning integration into CI/CD pipelines with meaningful quality gates and low noise for developers.

Cloud & Platform Review

IAM, storage, network and perimeter checks to reduce unexpected exposure of internal services in AWS / Azure environments.

Retesting & Advisory

Fix validation, ticket-level review and continuous advisory support for future releases and security enhancements.

Sample Engagements

High-level examples of how I approach different environments.

Fintech Web Portal

Full-stack web assessment for a finance portal handling onboarding and payments. Identified broken access control and session handling issues before production rollout.

Mobile App + API

Assessed Android/iOS app and supporting APIs against OWASP MASVS and API Top 10, focusing on authentication flows, data protection and runtime protections.

PCI DSS Readiness

Supported a payment-focused product team with web and mobile security validation mapped to PCI DSS 4.0, enabling smoother compliance review and audit discussions.

Skills & Tooling

Application Security

OWASP Web Top 10 · IDOR / BAC · Session Management · CORS / CSRF

Mobile & API

MASVS M1–M10 · OWASP API Top 10 · MobSF / Frida / Objection · Burp Suite

Governance & DevSecOps

PCI DSS 4.0 · Secure SDLC · SAST / SCA · Cloud Security (AWS/Azure)

Portfolio Activity Snapshot

High-level view of the type of work I typically handle.

Web Applications

40+

Portals & dashboards

Mobile Apps

20+

Android & iOS

APIs

50+

Public & internal

PCI DSS-Focused

Multiple

Web, mobile & APIs

Let’s Talk Security

If you need a focused pentest for an upcoming release, an independent review of an existing application, or PCI DSS-aligned testing, feel free to reach out.

© 2025 VM SecOps – Portfolio & Security Services by Vasu Melipaka.