Aleksandar Kosanovic

Experience

• 

  Siemens d.d.

  Jan 2004 - Aug 2005

  Software developer

  - have worked as Software Developer for Data Services team in Zagreb, Croatia- have participated in all phases of process of developing and maintening features (old and new) of software for Mobile Switching Centre (CP part) : analysis, design, coding, testing (simulator), verification

• 

  Ericsson Nikola Tesla

  Aug 2004 - Jan 2010

  - working on international projects (till now 23 of them)- working on network design based on MSS (Mobile softswitch solution) CS based- specialized on MGWs and MSC-Servers- complete hardware allocation for MGWs and MSC-Servers, defining interfaces, terminations, type of transmission (TDM, ATM and IP), ATM design (VCs and VPs, traffic descriptors, AAL2 and AAL5 specifics), Virtual MGWs, MSC in Pool concept- working on dimensioning the mobile core network nodes - worked with all types of transmission: TDM, ATM and IP Show less

  • IMS Solution Architect

    Aug 2008 - Jan 2010

  • Network Design and NPI manager

    Aug 2004 - Aug 2008
• 

  Ericsson Nikola Tesla

  Apr 2010 - May 2023

  - Vulnerability Assessment/Analysis - systematic approach used to analyze the security posture of a product. It combines: * Test execution: > vulnerability testing (PRIO 1) – information collection, network discovery, port scanning and vulnerability scanning > robustness tests (PRIO 2) – denial of service attacks and protocol fuzzing... > penetration testing (PRIO 3) – manual web (Burp suite, OWASP top ten..), manual ad hoc (not just web), brute force attacks, Man in the Middle attacks... * Test result analysis > gather, analyse and validate the findings > write VA report - identifies the system or node vulnerabilities, their severity and their recommended mitigation action- introduced to common attack vectors- Tools used: * Codenomicon Defensics - used for protocol robustness test and security testing, fuzz testing (fuzzing) * Nessus – vulnerability scanner * nmap – port and vulnerability scanner * hping3 – TCP/IP packet assembler/analyzer * wireshark - network protocol analyzer * OpenVas – Open Source vulnerability scanner and manager vulnerability assesment suite * zenmap – official nmap security scanner GUI * Metasploit Framework and Armitage - contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection * OWASP ZAP - web application security scanner * IXIA - traffic generator * Scapy and other packet crafter tools * t50 stress test tool * thc-ssl-dos - DoS Tool Against Secure Web-Servers and for Testing SSL-Renegotiation * Burp suite - Application Security Testing Software * Nikto - Web Server Scanner * Kali Linux penetration testing tools Show less

  • Vulnerability Assessment Tester

    Jun 2016 - May 2023

  • Software engineer

    Apr 2010 - Jun 2016
• 

  KING ICT

  May 2023 - now

  System engineer/vulnerability assessment/penetration tester