Penetracijsko testiranje Jobs

I’m ready to have my website professionally stress-tested so I can patch every weak spot before it becomes a problem. The engagement centres on two critical areas that hold our most sensitive logic and data—the Login System and the User Data Storage modules. Within those components I want you to probe specifically for SQL Injection, Cross-Site Scripting (XSS) and Broken Authentication issues, emulating real-world attack scenarios while staying fully within ethical boundaries. Industry-standard tooling such as Burp Suite, OWASP ZAP, sqlmap, or their equivalents is expected so results are reproducible and mapped against OWASP Top 10. All findings must be compiled in a comprehensive, developer-friendly document that not only confirms each vulnerability but explains impact, suppli...

I’m ready to have my website professionally stress-tested so I can patch every weak spot before it becomes a problem. The engagement centres on two critical areas that hold our most sensitive logic and data—the Login System and the User Data Storage modules. Within those components I want you to probe specifically for SQL Injection, Cross-Site Scripting (XSS) and Broken Authentication issues, emulating real-world attack scenarios while staying fully within ethical boundaries. Industry-standard tooling such as Burp Suite, OWASP ZAP, sqlmap, or their equivalents is expected so results are reproducible and mapped against OWASP Top 10. All findings must be compiled in a comprehensive, developer-friendly document that not only confirms each vulnerability but explains impact, suppli...

We are seeking an experienced cybersecurity professional to develop a high-quality, advanced-level practical ethical hacking video course built around a realistic simulated enterprise attack environment. This course must focus heavily on hands-on execution and demonstrate a structured multi-step attack workflow inside a controlled lab network. The final deliverable must contain approximately 10–12 hours of fully edited, polished video content (final runtime after editing). Budget: 40,000 INR (Maximum) Timeline: 30–60 days Core Course Requirements The course must: Be advanced-level practical content Be structured around a connected simulated company environment Include multiple interconnected attack scenarios Demonstrate complete attack chains Include reconnaissance, e...

I’m a complete beginner in wireless security and want to build solid, practical skills in penetration testing for Wi-Fi networks. Over a series of one-on-one sessions, I’d like you to walk me through fundamentals, tools (Kali Linux, Aircrack-ng, Wireshark, etc.), attack simulations, and safe lab setup so I can eventually plan and execute my own wireless assessments responsibly. Please share examples of past work that prove you’ve carried out real-world wireless engagements or successfully mentored others in this niche. Concrete demonstrations—screenshots, anonymised reports, short video clips—help me judge fit quickly. We’ll meet online, screen-share, and practice live. Each session should end with actionable homework and clear checkpoints so I can tra...

I need an experienced ethical hacker to assess the security of my production web application. The platform handles login credentials—users sign in with their mobile number and password—so I want to be absolutely certain this flow cannot be abused. Scope • Run a full penetration test coupled with an automated and manual vulnerability scan. • Focus especially on authentication, session management, and any area where those credentials travel or are stored. Deliverables - A clear, step-by-step report detailing every finding, severity rating, and proof-of-concept where exploitation is possible. - Practical remediation advice I can hand straight to my development team. - A concise executive summary of overall risk. All testing must respect live-traffic uptime, ...

My customer-facing web applications need a fully-fledged bug bounty program that starts with a professional security assessment. The focus is pure CyberSecurity: map the current attack surface, uncover vulnerabilities, and shape a disclosure workflow that rewards researchers responsibly. You will first perform a thorough security assessment on the live web apps, documenting every finding with severity, reproducible steps, and clear remediation advice. From those results, design the bounty structure (scope wording, reward tiers, triage flow, and response SLAs) so it can be published on platforms such as HackerOne or Bugcrowd. Deliverables • Comprehensive assessment report (OWASP Top 10 coverage, business-logic flaws, misconfigurations, etc.) • Drafted public program brief, inc...

I’m looking for an experienced cybersecurity consultant who can step into my ongoing technology-sector client engagements and add immediate value. The work revolves around helping mid-size SaaS and platform companies identify risks, tighten controls, and document clear remediation roadmaps. You’ll collaborate directly with end-clients, so strong communication skills and the ability to translate technical findings into business language are essential. Day-to-day tasks may include vulnerability reviews, policy gap analysis, incident-response planning, and presenting recommendations to C-level stakeholders. Familiarity with frameworks such as NIST CSF, ISO 27001, and CIS Controls will be handy, though I’m open to whichever methodology best fits each client’s environme...

I am looking for an experienced reverse engineer or mobile security specialist to help analyze the network communication of an Android application. The application currently implements SSL certificate pinning, which prevents traffic inspection using standard interception tools (such as proxies). Because of this, I cannot capture the login requests and related API communication. Project Goals: Perform reverse engineering of the Android APK. Identify and bypass the SSL pinning protection implemented in the app. Enable traffic inspection so the login requests can be captured and analyzed. Document the login request structure and related API endpoints. Help replicate the login request programmatically using either: Node.js, or Python The final goal is to understand how the login API ...

I need an experienced security engineer to harden our multi-tenant SaaS product, prepare us for HIPAA and SOC 2 Type II audits, and stay on call for incident response. The stack runs primarily on AWS, Azure or GCP, with containerised workloads orchestrated by Kubernetes. Day-to-day you will probe our web apps and APIs with Burp Suite and OWASP ZAP, script automation in Bash, and guide the team as we fold security controls into an established Git-based CI/CD pipeline. Key objectives • Run a full penetration test against the platform, documenting exploitable findings against the OWASP Top 10 and cloud-specific misconfigurations. • Configure vulnerability scanning (Nessus, Snyk, Trivy) and wire SAST, DAST and dependency checks into our build pipelines. • Implement and v...

I have a small office network—fewer than twenty endpoints—that I want thoroughly examined for weaknesses. The immediate focus is a vulnerability assessment combined with a full network-security audit. Pen-testing isn’t required right now, but I would like the audit to be detailed enough that we could progress smoothly to active exploitation tests later if needed. Scope – Map every device and service, then scan using industry-standard tools such as Nmap, Nessus or OpenVAS. – Analyse configurations (firewall rules, router settings, shared resources, OS hardening) and identify misconfigurations or outdated software. – Provide a clear, prioritized remediation plan. Critical issues first, followed by medium and low-risk findings. – Conclude wit...

Project Title: Web Security Audit & Penetration Testing for Marketplace Website Description: We are preparing to launch a new online marketplace platform and are looking for an experienced web security specialist to perform a full security review of the site. The goal is to identify any vulnerabilities and ensure the platform is secure before public launch. Scope of work: • Perform a full security audit of the web application • Conduct penetration testing to identify vulnerabilities • Review authentication, API security, and database access • Check for common vulnerabilities (OWASP Top 10) • Identify potential risks in front-end and back-end architecture • Provide a clear report outlining vulnerabilities and recommended fixes Important: • You must hav...

Scenario Background: The scenario assumes that you are working as a security expert for a fictional company, Acme Coffee Company. The company includes several roles, including Bruno (CEO), Spike (Vice President of Sales), Eilik and Eilika (Sales), Loki (System Administrator), and Avery (Marketing). Loki has built a new company server, and Bruno has hired you to conduct a comprehensive security analysis and assessment of that server and submit a complete report. The final report should include your findings, techniques, graphics, and methodology, along with recommendations for improving any security issues identified. Video Overview: The instructor explains that the final project will provide a target machine personally built by the instructor to represent the Acme company environment. Yo...

I am ready to put my in-house web application through a thorough white-box penetration test and need a seasoned ethical hacker to run point. Because I can supply source code, architecture docs, and admin-level credentials, you will have full visibility to explore logic flaws, insecure configurations, and anything else that could turn into a real-world exploit. A key requirement is prior experience registering newly discovered vulnerabilities in official government vulnerability databases or repositories; I will rely on you not only to uncover issues but also to craft the correct disclosure package so the finding can be submitted and tracked according to policy. Scope • Inspect the entire codebase, APIs, and third-party integrations. • Execute manual and automated testing us...

TÉRMINOS DE REFERENCIA Servicio de Análisis de Vulnerabilidades y Pruebas de Intrusión para Infraestructura Tecnológica 1. OBJETIVO DE LA CONTRATACIÓN Contratar un servicio especializado de Análisis de Vulnerabilidades y Pruebas de Intrusión que permita evaluar el nivel de seguridad en: • Defensa perimetral • Redes internas • Sistemas operativos • Aplicaciones web publicadas • Aplicaciones móviles • Sistemas de información y equipos de comunicación 2. PLAZO DE PRESTACIÓN DEL SERVICIO El servicio deberá ejecutarse en un plazo máximo de 45 días calendario. 3. DESCRIPCIÓN DEL SERVICIO Actividades • Evaluar el nivel de seguridad en aplicaciones web, activo...

We are a new SaaS startup looking for a rigorous security specialist to perform a **comprehensive end-to-end security audit**. Our mobile app (iOS & Android) is our core product and requires deep-dive scrutiny, while our landing pages and staff admin panel need a focused vulnerability assessment to ensure total ecosystem integrity. ### **The Scope of Work** We need more than a generic automated scan; we require a blend of manual penetration testing and structured configuration review. * **Mobile App (Deep Dive):** Comprehensive testing based on the **OWASP Mobile Application Security (MAS)** framework. This includes binary analysis, session management, local data storage security, and API communication. * **Web & Admin Panel:** Vulnerability assessment of the staff-facing das...