
Penetration testing of our web site #2

$15-25 AUD / hour

Closed
Posted more than 5 years ago

We would like an experienced person to perform penetration testing of our web site. This is the scope of work. This is very urgent.

Scope of Work.

The Freelancer will perform an Application Penetration Testing to identify vulnerabilities in applications residing on Customer’s networked systems that offer user or inter-process interfaces, such as web applications and “thick” clients. The Application Penetration Testing will examine Customer’s application’s components and technologies to identify vulnerabilities in systems, server systems, static content, and server-side programs that implement the application logic.

The Freelancer will identify common and more unique application flaws. The Freelancer will test for common application flaws, such as stack overflows and format string issues. In addition, The Freelancer will examine the application’s underlying design for unique vulnerabilities that may not be easily recognizable during a more superficial investigation.

The Freelancer will perform a variety of checks, based on industry-specific guidance, industry practices and standards. As determined necessary by The Freelancer, application components will be tested for improper configuration, session tracking weaknesses, encryption implementation and strength, input validation, flaws in server-side executables, and sensitive or unnecessary information within HTML content.

The Freelancer will perform application security testing of the Customer’s applications through automated web application scanning as well as manual application functionality testing. The Freelancer’s testing techniques will consist of:

· Input validation bypass – The Freelancer will remove client side validation routines and bounds-checking restrictions to confirm controls are implemented on application parameters sent to the server.
· SQL injection – The Freelancer will submit specially crafted SQL commands in input fields to validate input controls are in place for the protection of database data.
· Cross-site scripting – The Freelancer will submit active content to the application in an attempt to cause a user's web browser to execute unauthorized and unfiltered code. This test is meant to validate user input controls.
· Parameter tampering – The Freelancer will modify query strings and parameters, and hidden fields in an attempt to gain unauthorized access to user data or application functionality.
· Cookie poisoning – The Freelancer will modify data sent in cookies in order to test application response to receiving unexpected cookie values.
· User privilege escalation – The Freelancer will attempt to gain unauthorized access to administrator or other users’ privileges.
· Credential manipulation – The Freelancer will modify identification and authorization credentials in an attempt to gain unauthorized access to other users’ data and application functionality.
· Forceful browsing – The Freelancer will enumerate files located on a web server in an attempt to access files and user data not explicitly shown to the user within the application interface.
· Backdoors and debug options – The Freelancer will identify code left by developers for debugging purposes that could potentially allow an intruder to gain additional levels of access.
· Configuration subversion – The Freelancer will assess Customer’s web servers and application servers for improper configurations that could create attack vectors.
· Test Environments – Some Applications (as defined below) to be tested will be in a Customer test or development environment.
Project ID: 17589314

About the project

25 proposals
Remote project
Active 6 years ago

25 freelancers are bidding an average of $19 AUD/hour for this job

Hello sir, I am currently working as a test analyst. I have 7 years of experience as a tester. I have good experience in penetration testing as well. I would very much enjoy having the opportunity to talk with you further to discuss the requirements and expectations of the position, and how I could use my skills to benefit your firm. Thank you for your time and consideration. I look forward to hearing from you.
$16 AUD in 10 days
4.8 (14 reviews)
4.3

I have knowledge in penetration testing and ethical hacking, with a background of 2 and a half years in cyber security and ethical hacking. I have self-learned by watching several courses, books and by playing CTF, HackTheBox VMs and VulnHub VMs. I have done several penetration tests previously for my other clients, and I can help and perform tests on the following: network testing, both wired and wireless; system/server testing including all operating systems such as Windows and Linux; web app testing including CMS software such as WordPress, Drupal and Joomla. I also have the following skills: malware removal from computers and phones; social engineering; setting up WordPress websites; fixing Linux and Windows issues. I'll perform my best and provide a detailed report of the same. Regards, Rahul
$20 AUD in 20 days
5.0 (1 review)
2.8

Hi, I have 4+ years experience in the Web and Mobile based testing technologies. I have good experience with Automation, JUnit, Spring, jQuery, HTML5, CSS3, Bootstrap, MySQL. Technologies are not limitations for me as I am very much interested and quick to learn new technologies. Client satisfaction is my number one priority. I always work to my fullest capacity and make sure that my clients are always happy. I understand them and their requirements which helps me to do everything within my client's budget and time. Thanks, Chirag
$16 AUD in 60 days
0.0 (0 reviews)
0.0

QALint is a platform for Software Development Companies to directly plug and play with any QA Specialist on-demand basis. With our multiple in-house QA Professionals specializing in multiple domains and platform technologies, you are independent to appoint our Professionals in Hour/ Project Basis. QALint is flexible- thus giving you the freedom that harmonizes with your task at hand/ work load.
$15 AUD in 40 days
0.0 (0 reviews)
0.0

I have experience in testing. If you hire me, I will do my best.
$22 AUD in 20 days
0.0 (0 reviews)
0.0

Have 5+ years of experience in both black box and white box testing penetration testing. Perform VAPT (Vulnerability and penetration testing) services like Web-Application penetration testing; System Application penetration testing; Mobile application penetration testing; Network application penetration testing; social engineering penetration testing etc. Conduct penetration testing in a systematic approach. Follow the standard methodology of the industry like OWASP Testing Guide v4 (OTGv4); SANS top 25; NIST SP 800-115; PCI DSS to perform penetration testing so that client can concentrate on their professions without worrying about security threats.

Web Application Testing: Do web application penetration testing with the latest methodology like OWASP Top-10, SANS Top-25. Perform both manual and automated penetration testing for vulnerabilities like Injection flaws (such as SQL, NoSQL, OS, and LDAP injection etc), Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfiguration, Cross-site scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, Insufficient Logging & Monitoring. Also perform source code reviews for many technologies like Java, .NET, PHP etc.

Approach for Manual Web-Application Penetration Testing: Conduct manual testing with following controls:
* Configuration and Deployment Management Testing
* Identity Management Testing
* Authentication Testing
* Authorization Testing
* Session Management Testing
* Input Validation Testing
* Testing for Error Handling
* Testing for weak Cryptography
* Business Logic Testing
* Client Side Testing

Tools used for Automated Web Penetration Testing: Acunetix, Burp-Suite, Netsparker, Nexpose, Nikto, IBM Appscan, HP fortify, W3af etc.

Network penetration testing: Provide Network Penetration Testing so that your Network Infrastructure is secured from the real world attacks. Do both manual and automated network penetration testing.

Approach for Manual Network Penetration Testing: Manually check for IDS/IPS, Server, Networks switch, Network Router, VPN, Firewalls, Anti-virus, Password etc. Tools used for automated network penetration testing: OpenVas, Wireshark, Nessus, Metasploit, Armitage, Scapy etc.
$16 AUD in 40 days
0.0 (0 reviews)
0.0

Hi. I worked in a reputed Software company for 6 years in Testing stream. During my tenure in the company, I’ve done Manual testing projects for which I won many accolades from the Client as well as the higher management team. I worked in waterfall model for projects and Agile mode in other projects. And in almost all the projects I’ve done Smoke testing, Adhoc testing, Stress testing, Browser compatibility testing, Bug testing ... I am certain that I would add a great value to your project if being selected.
$16 AUD in 40 days
0.0 (0 reviews)
0.0

A software engineer with an experience of object-oriented programming, Agile development, Automation and Manual testing; also a quick learner to new technologies. I specialize in Computer Software. I’m passionate about what I do, and I love to help people. Nothing is more fulfilling than being part of a team with similar interests, and an organization that values its employees.
$22 AUD in 40 days
0.0 (0 reviews)
0.0

I have several skills on web application pentest, and I have a certificate on how to make a web pentest including report. Also I have tools and knowledge how to detect and exploit advanced vulnerabilities. Other skill that I have is exploit development on GNU/Linux systems. I would like to know if the budget could be higher, because detecting and exploiting a vulnerability requires a considerable amount of time.
$27 AUD in 40 days
0.0 (0 reviews)
0.0

Because I provided a good price and I have more than 7 years' experience in penetration testing, also more than 7 years exp in database and Applications.
$15 AUD in 40 days
0.0 (0 reviews)
0.0

I have got relevant experience in web and mobile testing to complete the work with efficiency. If given the option to prove my work, I will be obliged.
$22 AUD in 40 days
0.0 (0 reviews)
0.0

I am OSCP, Crest certified and author of CVE-2015-8032 and CVE-2015-8033. Our Team consists of top 20 hackers in the world. Acknowledged by Google, Microsoft, Adobe, Deskpro, Blackberry and many more for reporting security issues, so if I can find bug there why can't in your application. I was Dropbox NO.1 Hacker for the year 2014. Don't risk your application just for reports, get your app tested by real world researchers hackers. Apart from only OWASP top10 we can find new updated attacks like subdomain takeover, XXE, XSPA, 2FA and Captcha bypass, Race condition bug, CSV injection, reflected file download vulnerability, pixel flood attack, OAuth & API bugs. To know more about us search Rahul Maini, Rohan Birtia, Dipak Das in Google.
$22 AUD in 40 days
0.0 (0 reviews)
0.0

I have been an information security specialist for more than 4 years in one of the biggest banks in Egypt. I have very good experience in penetration testing. I respect time and promise to deliver the best value for the money paid.
$15 AUD in 45 days
0.0 (0 reviews)
0.0

ISTQB certified. Overall 3.4 years of total IT experience in all phases of software test life-cycle, with expertise across modules of ERP & E-Commerce domains. I have extensive experience in Requirement Analysis, writing Test Cases and Test Scenarios.
$22 AUD in 40 days
0.0 (0 reviews)
0.0

I am self learning website security attack.
$25 AUD in 40 days
0.0 (0 reviews)
0.0

Penetration tester with 3+ years of hands-on experience in assessing the Infrastructure, Web-application, Internal network, External network and Android applications. Worked with one of the successfully running cyber security startups in India. Core Expertise in handling various tools such as Acunetix, Burpsuite, Nessus, Openvas, Sqlmap, Xenotix, Recon-Ng, Metasploit Framework, Wireshark and Nmap. Possess good reporting skills, knowledge on recent cyber attacks, able to meet project deadlines, dynamic and self motivated person. Committed in delivering the quality in projects as promised, you will get daily status report, final report and patch fixing report. Contact me for: Network penetration testing (external & internal), Web application penetration testing, Android Application testing, Forensics, Ethical hacking training (web & network), Database Auditing, Firewall and Endpoint Security Audit, Physical Security Audit.
$22 AUD in 40 days
0.0 (0 reviews)
0.0

Hi! I have 4 years of experience in an IT security company with focus on Cloud security and AWS. I assessed and pentested several large scale DAX and startup companies and assisted them in building robust and secure infrastructures. Depending on the details of this project, the price is negotiable and I will gladly assist you with any requests you might have. Feel free to check my LinkedIn on my profile page. Best, Benedikt
$24 AUD in 20 days
0.0 (0 reviews)
0.0

We have a CEH certified team with more than 5 years of experience in penetration testing and cyber security testing.
$16 AUD in 5 days
0.0 (0 reviews)
0.0

Have been working as penetration tester for quite some time. Including web app pentest of banking and airline companies.
$22 AUD in 40 days
0.0 (0 reviews)
0.0

About this client

Sydney, Australia
5.0
14
Payment method verified
Member since May 26, 2011

Freelancer ® is a registered Trademark of Freelancer Technology Pty Limited (ACN 142 189 759)
Copyright © 2024 Freelancer Technology Pty Limited (ACN 142 189 759)