Need ethical hacker for testing

₹250000-500000 INR

Closed

Posted about 1 month ago

₹250000-500000 INR

Paid on delivery

I need a seasoned ethical hacker to perform a full-scale security audit of one of my production web applications. The primary goal is to uncover code-level vulnerabilities—anything from insecure input handling to flawed session management—and provide a clear remediation plan. While the audit may touch on broader OWASP issues, I’m specifically interested in how the current codebase could be exploited and what exact fixes will close those gaps. Here is how I see the engagement unfolding: • Conduct a thorough review of the live application and its underlying source code, using industry-standard tools such as Burp Suite, OWASP ZAP, static analysis utilities, and any custom scripts you rely on. • Deliver a detailed report that ranks each finding by severity, explains the exploit path, and outlines practical mitigation steps. Code snippets or proof-of-concepts are welcome where relevant. • Wrap up with a brief debrief session (video or written) so I can clarify any questions before pushing changes to production. I’ll grant you test-environment access, API keys, and any documentation you require once we finalize terms. The audit should respect current uptime SLAs—no testing that could disrupt service. Acceptance criteria: – At least one pass of automated and manual testing covering the full feature set. – A vulnerability matrix with CVSS scoring or a comparable rating scheme. – Actionable remediation advice that my development team can implement without guesswork. If you have recent experience auditing web apps for code vulnerabilities and can commit to a concise turnaround, let’s move forward.

Project ID: 40387204

About the project

2 proposals

Remote project

Active 23 secs ago

Looking to make some money?

Email address

Benefits of bidding on Freelancer

Set your budget and timeframe

Get paid for your work

Outline your proposal

It's free to sign up and bid on jobs

2 freelancers are bidding on average ₹285,388 INR for this job

@offensiumvault

We at Offensium Vault Private Limited (ISO 27001:2022 & ISO 9001:2015) can perform a code-focused security audit + penetration test of your web application. Approach • Secure code review + dynamic testing to uncover real exploit paths • Coverage of input validation, session management, auth flows, and business logic flaws • Manual + automated testing using Burp Suite, OWASP ZAP, SAST tools, and custom scripts • Fully non-disruptive testing aligned with your uptime requirements Deliverables • Detailed report with CVSS-based severity, exploit paths, and PoC/code snippets • Vulnerability matrix covering all tested features • Clear, actionable remediation steps for developers • Debrief session to clarify findings and fixes Experience • Secured SaaS, fintech, and production web apps with focus on code-level vulnerabilities • Identified issues like auth bypass, IDOR, injection flaws, and session weaknesses We can ensure a concise turnaround and start immediately once access is provided.

₹250,000 INR in 7 days

5.0

(3 reviews)

3.6

@kamran2012

Hi, I will perform a full security audit of your production web application — combining automated scanning with manual code review to identify vulnerabilities in input handling, session management, authentication flows, and business logic flaws. For the source code review, I will map each user-controllable input to its server-side handler and trace data flow through to storage and output. This catches issues automated tools miss — such as second-order injection where malicious input is stored safely but executed in a different context later. Each finding will include CVSS scoring, a working proof-of-concept, and exact code-level fixes your team can apply directly. Questions: 1) What is the primary tech stack — language, framework, and database — so I can prepare the right static analysis tooling? Looking forward to your response. Best regards, Kamran

₹320,775 INR in 30 days