Aalok Karnik

Current

Penetration Testing Script-writer (Web Security Group) at McAfee

Past

Threat Research Analyst at WebRoot
Web Designer at IRI Institute, USC Gould School of Law
Intern at Interwoven

Application architect for registration system at SICSR

see less...

1 more...

Education

University of Southern California
Symbiosis Institute of Computer Studies and Research, Pune, India
Symbiosis International University

Nowrosjee Wadia College, Pune, India
University of Pune

see less...

2 more...

Recommended

6 people have recommended Aalok

Connections

167 connections

Industry

Computer & Network Security

Websites

Aalok Karnik’s Summary

I have written a set of articles targeted at educating the layman on spyware.

http://aalokkarnik.info/articles/spyware

Aalok Karnik’s Specialties:

Computer Security, Spyware Analysis, Web Technologies, Database driven Web Content Mgmt System Design & Architecture, XML, CSS, AJAX

Aalok Karnik’s Experience

Penetration Testing Script-writer (Web Security Group)

McAfee

(Public Company; 1001-5000 employees; MFE; Computer & Network Security industry)

July 2008 — Present (1 year 5 months)

- write javascript based penetration testing scripts for McAfee's scanners
- vulnerability analysis
- penetration testing
- conversion of NASL scripts to javascript
Threat Research Analyst

WebRoot

(Privately Held; 201-500 employees; Computer & Network Security industry)

March 2007 — June 2008 (1 year 4 months)

- Tasked with analyzing spyware & contributing to spyware definitions in a 20 member threat research team
- Involved usage of a combination of proprietary and other common security tools to monitor activity
- Used VMWare to safely analyze behaviour in a sandboxed environment
Web Designer

IRI Institute, USC Gould School of Law

(Educational Institution; 11-50 employees; Internet industry)

October 2005 — June 2006 (9 months)

• Convert a static site (http://www.iandrinstitute.org) to a dynamic database driven site (https://mylaw.usc.edu/portal/iri)
• Coldfusion, MSSQL Server based system provides content management, role based access control features
• Administrative role based features for adding, updating & deleting content
• Current status :: under testing for final deployment
Intern

Interwoven

(Public Company; 501-1000 employees; IWOV; Information Technology and Services industry)

June 2005 — August 2005 (3 months)

1. involved with TeamSite 6.7 features
2. wrote perl scripts to automate remote execution of JUnit test scripts for nightly build of TeamSite 6.5
3. suggested changes to improve response time, lessen bandwidth usage using HTTP compression and encoding, between client-server and server-client communication in TeamSite 6.7
4. carried out performance tests on versions of TeamSite
Application architect for registration system

SICSR

(Educational Institution; 51-200 employees; Internet industry)

August 2003 — May 2004 (10 months)

Entrance Examination Registration Module (team leader, lead programmer, system designer)

• Unified & led a workforce of 5 from conceptualization to implementation for Symbiosis Institute of Computer Studies & Research (SICSR) in 40 days in capacity of team leader, lead programmer, system designer
• Drafted project milestone chart & delegated tasks assessing core competency. Implemented SDLC
• Trained 3 members of the team on JSP, servlets and java beans, javascript
• Accountable to higher management through milestone presentations
• Java, MySQL, Tomcat & Apache based system features included role based system access, automated event based e-mailing, profiling, administrative functions, search capabilities, easy file based system configuration for database portability
• Technologies used JSP, servlets, java beans, javascript, java mail
• Application currently not online due to change in academic policies. Demo copy available

Aalok Karnik’s Education

University of Southern California

MS , Computer Science - Computer Security , 2004 — 2006

the lab assistant position had me helping out designing lab assignments, questions, testing various security tools, pesentations.

Activities and Societies:

lab assistant for an Advanced Computer Security Course,
member of USC-SEC, a group of individuals inclined towards computer security,
writing educational articles aimed at educating a layman about malicious code,
developed a document management system to manage published papers for a research group at USC,
developed an java based Oracle database front-end to aid with database object creation
Symbiosis Institute of Computer Studies and Research, Pune, India

MS , Computer Science - J2EE Technologies , 2002 — 2004

Self learned advanced features of java based technologies like JDBC, servlets, JSP, tags & taglibs, XML

developed a complete java based web based application for an `online entrance examination registration system` for the school. Main features included automated event based emailing, profiling, role-based access, administrative console

engaged in lectures in javascript for undergraduate students

engaged in lectures on JSP, servlets for graduate students
Symbiosis International University

MS CS , J2EE Technologies , 2002 — 2004
Nowrosjee Wadia College, Pune, India

BS , Computer Science , 1999 — 2002

project #2 has some issues with Java applet permissions regarding accessing files outside the sandbox. This can be circumvented but is prohibited in most environments

Activities and Societies:

1. participated in intra college programming competitions,
2. developed a file compression applet to compress local files & upload to a server resulting in reduced server disk space usage and faster uploads
University of Pune

BCS , Computer Science , 1999 — 2002

Additional Information

Aalok Karnik’s Websites:

Aalok Karnik’s Interests:

I am interested in the anti-spyware domain because online privacy is totally at stake when spyware hits your machine. Currently I am writing articles on spyware ... the target audience being laymen. Hoping to release them online, can someone help me with information and references ? Also interested in gaming content security since breaking into computer systems through online game networks has become common.