Closed

Pentration testing of our web site #2

We would like an experienced person to perform penetration testing of our web site. this is the scope of work

This is very urgent.

Scope of Work.

The Freelancer will perform an Application Penetration Testing to identify vulnerabilities in applications residing on Customer’s networked systems that offer user or inter-process interfaces, such as web applications and “thick” clients. The Application Penetration Testing will examine Customer’s application’s components and technologies to identify vulnerabilities in systems, server systems, static content, and server-side programs that implement the application logic.

The Freelancer will identify common and more unique application flaws. The Freelancer will test for common application flaws, such as stack overflows and format string issues. In addition, The Freelancer will examine the application’s underlying design for unique vulnerabilities that may not be easily recognizable during a more superficial investigation.

The Freelancer will perform a variety of checks, based on industry-specific guidance, industry practices and standards. As determined necessary by The Freelancer, application components will be tested for improper configuration, session tracking weaknesses, encryption implementation and strength, input validation, flaws in server-side executables, and sensitive or unnecessary information within HTML content.

The Freelancer will perform application security testing of the Customer’s applications through automated web application scanning as well as manual application functionality testing. The Freelancer’s testing techniques will consist of:

· Input validation bypass – The Freelancer will remove client side validation routines and bounds-checking restrictions to confirm controls are implemented on application parameters sent to the server.

· SQL injection – The Freelancer will submit specially crafted SQL commands in input fields to validate input controls are in place for the protection of database data.

· Cross-site scripting – The Freelancer will submit active content to the application in an attempt to cause a user's web browser to execute unauthorized and unfiltered code. This test is meant to validate user input controls.

· Parameter tampering - The Freelancer will modify query strings and parameters, and hidden fields in an attempt to gain unauthorized access to user data or application functionality.

· Cookie poisoning – The Freelancer will modify data sent in cookies in order to test application response to receiving unexpected cookie values.

· User privilege escalation – The Freelancer will attempt to gain unauthorized access to administrator or other users’ privileges.

· Credential manipulation – The Freelancer will modify identification and authorization credentials in an attempt to gain unauthorized access to other users’ data and application functionality.

· Forceful browsing – The Freelancer will enumerate files located on a web server in an attempt to access files and user data not explicitly shown to the user within the application interface.

· Backdoors and debug options –The Freelancer will identify code left by developers for debugging purposes that could potentially allow an intruder to gain additional levels of access.

· Configuration subversion –The Freelancer will assess Customer’s web servers and application servers for improper configurations that could create attack vectors.

· Test Environments – Some Applications (as defined below) to be tested will be in a Customer test or development environment.

Habilidades: Seguridad informática, Verificación de software, Verificación / QA, Verificación de usabilidad

Ver más: penetration testing steps pdf, how to do penetration testing manually, penetration testing tools, penetration testing tutorial, how to do penetration testing, penetration testing techniques, penetration testing steps, penetration test plan template, manual testing web site, commerce web site testing, sample commerce testing web site, outsource web site testing job, php config web site production testing, query collect data web site, advanced excel query web site, excel web query scrape web site, freelance job websites list application security penetration testing web site security, web site testing beta testing various user scenarios, need design for a 2 page statistics web site, we do underground directional boring and design a simple 3 page web site

Información del empleador:
( 12 comentarios ) Sydney, Australia

Nº del proyecto: #17589314

25 freelancers están ofertando el promedio de $19/hora para este trabajo

ridihima

Hello sir , I am Currently working as test analyst. I am having 7 years of experience as a tester. Have good experience in penetration testing as well . I would very much enjoy having the opportunity to talk with you f Más

$16 AUD / hora
(14 comentarios)
4.3
$22 AUD / hora
(1 comentario)
3.8
ronkr720

I have Knowledge in Penetration testing and Ethical Hacking. With a Background of 2 and a Half Years in Cyber Security and Ethical hacking. I have Self Learned by Watching Several Courses, Books and by Playing CTF, Más

$20 AUD / hora
(1 comentario)
2.8
royalrohan

I am OSCP, Crest certified and author of CVE-2015-8032 and CVE-2015-8033 . Our Team consists of top 20 hackers in the world. Acknowledged by Google,Microsoft,Adobe,Deskpro, Blackberry and many more for reporting sec Más

$22 AUD / hora
(0 comentarios)
0.0
gauravkumar12390

we have CEH certified team having more than 5 years of experience in penetrations testing and cyber security testing

$16 AUD / hora
(0 comentarios)
0.0
bentr

Hi! I have 4 years of experience in an IT security company with focus on Cloud security and AWS. I assessed and pentested several large scale DAX and startup companies and assisted them in building robust and secure Más

$24 AUD / hora
(0 comentarios)
0.0
kingsmanrbd

Penetration tester with 3+ years of hands-on experience in assessing the Infrastructure, Web-application, Internal network, External network and Android applications. Worked with one of the successfully running cyber s Más

$22 AUD / hora
(0 comentarios)
0.0
heruxie

I am self learning website security attack.

$25 AUD / hora
(0 comentarios)
0.0
ashishthakur2010

ISTQB certified Overall 3.4 years of total IT experience in all phases of software test life-cycle, with expertise across modules of ERP & E-Commerce domains. I have extensive experience in Requirement Analysis, writin Más

$22 AUD / hora
(0 comentarios)
0.0
samihramzy

I am an information security specialist for more than 4 years in one of the biggest banks in Egypt, i have a very good experience in penetration testing, I respect time and promise to deliver the best value for the mon Más

$15 AUD / hora
(0 comentarios)
0.0
$15 AUD / hora
(0 comentarios)
0.0
$16 AUD / hora
(0 comentarios)
0.0
$22 AUD / hora
(0 comentarios)
0.0
ritasaha9

I have got relevant experience in web and mobile testing to complete the work with efficiency. If given option to proof my work, I will be obliged.

$22 AUD / hora
(0 comentarios)
0.0
chiragsavaliya57

Hii, I have 4+ years experience in the Web and Mobile based testing technologies. I have good experience with Automation, JUnit, Spring,Jquery, HTML5, CSS3, Bootstrap, MySQL. Technologies are not limitations for m Más

$16 AUD / hora
(0 comentarios)
0.0
engcne1chaat

because I provided a good price and I have more than 7 Years Experience in penetration testing, also more than 7 years exp en database and Applications.

$15 AUD / hora
(0 comentarios)
0.0
$16 AUD / hora
(0 comentarios)
0.0
roberknight01

i have several skills on web application pentest, and i have a certificate on how to make a web pentest including report. Also i have tools and knowledge how to detect and exploit advance vulnerabilities. other s Más

$27 AUD / hora
(0 comentarios)
0.0
bhaumikbhut

A software engineer with an experience of object-oriented programming, Agile development, Automation and Manual testing; Also a quick learner to new technologies.I specialize in Computer Software. I’m passionate about Más

$22 AUD / hora
(0 comentarios)
0.0
harikatanikella

Hi. I worked in a reputed Software company for 6years in Testing stream. During my tenure in the company , i’ve done Manual testing projects for which i won many accolades from the Client as well as the higher manageme Más

$16 AUD / hora
(0 comentarios)
0.0