Phoenix - Your AI AssistantSecurity Tester / Penetration Tester (MVP Platform)
- Posted:
- Proposals: 20
- Remote
- #4465328
- Open for Proposals
Rawalpindi 
Description
Experience Level: Expert
Estimated project duration: less than 1 week
We are seeking a practical, detail-oriented security tester to conduct a structured penetration testing and security assessment of our early-stage platform.
This is an MVP and early-access engagement, not a formal certification audit. The goal is to identify and remediate material security risks using recognised methodologies and free/open-source tools, ahead of broader public and enterprise pilots.
This role is ideal for an experienced independent tester who understands startup constraints and can deliver real security value without unnecessary overhead.
Scope of Work
The engagement includes security testing of:
• Public web application
• Backend APIs
• Authentication and authorisation flows
• API key usage and access controls
• Admin or privileged interfaces
• Application-related infrastructure exposure
Out of scope:
• Third-party services
• Denial-of-service testing
• Social engineering
• Formal certification (ISO, SOC, etc.)
Required Standards and Approach
Testing must align with:
• OWASP Top 10 (Web Application)
• OWASP API Security Top 10
Manual testing and validation are required. Automated scanning alone is not sufficient.
Tools (Free / Open Source)
You are expected to use some or all of the following:
• OWASP ZAP
• Burp Suite Community Edition
• Postman
• Snyk (free tier) or Trivy
• Nmap
• SSL Labs Server Test
You may propose additional free tools where appropriate.
Deliverables
You must provide a written security assessment report that includes:
• Executive summary
• Scope and methodology
• Findings with severity ratings (Critical, High, Medium, Low)
• Evidence and reproduction steps
• Practical remediation guidance
• Tool-generated reports (where applicable)
• Clear statement that this is a non-certified assessment
Clear, professional documentation is essential.
This is an MVP and early-access engagement, not a formal certification audit. The goal is to identify and remediate material security risks using recognised methodologies and free/open-source tools, ahead of broader public and enterprise pilots.
This role is ideal for an experienced independent tester who understands startup constraints and can deliver real security value without unnecessary overhead.
Scope of Work
The engagement includes security testing of:
• Public web application
• Backend APIs
• Authentication and authorisation flows
• API key usage and access controls
• Admin or privileged interfaces
• Application-related infrastructure exposure
Out of scope:
• Third-party services
• Denial-of-service testing
• Social engineering
• Formal certification (ISO, SOC, etc.)
Required Standards and Approach
Testing must align with:
• OWASP Top 10 (Web Application)
• OWASP API Security Top 10
Manual testing and validation are required. Automated scanning alone is not sufficient.
Tools (Free / Open Source)
You are expected to use some or all of the following:
• OWASP ZAP
• Burp Suite Community Edition
• Postman
• Snyk (free tier) or Trivy
• Nmap
• SSL Labs Server Test
You may propose additional free tools where appropriate.
Deliverables
You must provide a written security assessment report that includes:
• Executive summary
• Scope and methodology
• Findings with severity ratings (Critical, High, Medium, Low)
• Evidence and reproduction steps
• Practical remediation guidance
• Tool-generated reports (where applicable)
• Clear statement that this is a non-certified assessment
Clear, professional documentation is essential.
New Proposal
Login to your account and send a proposal now to get this project.
Log inClarification Board Ask a Question
-
There are no clarification messages.