Phoenix - Your AI AssistantVulnerability/API checks/Basic Cyber Audit on website
- Posted:
- Proposals: 14
- Remote
- #4400033
- Awarded
London 
Description
Experience Level: Intermediate
I’m looking for someone with web security experience to do a basic vulnerability and API exposure check on my website: https://www.mymaternalhub.co.uk
This isn’t a high-risk or enterprise-level system, but it will collect personal information, so I want to make sure there are no exposed API endpoints, admin panels, or misconfigurations that could put user data at risk.
I’d like you to:
Identify any exposed API endpoints
Check for open directories or admin pages
See if any sensitive files like .env, .git, server-status, etc. are publicly accessible
Look for common vulnerabilities (like XSS, CSRF, SQL injection)
Scan for subdomains or staging environments I may have forgotten about
Check if any secrets, tokens, or API keys are visible in frontend code
Review basic security headers and misconfigurations
Provide a simple report with what you found and what I should fix
Optional but appreciated: if you can recommend or help apply basic fixes like security headers or hardening steps.
This should be a non-invasive audit — I don’t want anything aggressive like brute-force attempts or DDoS tests. Just surface-level scanning and light probing using tools like OWASP ZAP, WPScan, Nikto, Nmap, or anything else you're comfortable with.
This isn’t a high-risk or enterprise-level system, but it will collect personal information, so I want to make sure there are no exposed API endpoints, admin panels, or misconfigurations that could put user data at risk.
I’d like you to:
Identify any exposed API endpoints
Check for open directories or admin pages
See if any sensitive files like .env, .git, server-status, etc. are publicly accessible
Look for common vulnerabilities (like XSS, CSRF, SQL injection)
Scan for subdomains or staging environments I may have forgotten about
Check if any secrets, tokens, or API keys are visible in frontend code
Review basic security headers and misconfigurations
Provide a simple report with what you found and what I should fix
Optional but appreciated: if you can recommend or help apply basic fixes like security headers or hardening steps.
This should be a non-invasive audit — I don’t want anything aggressive like brute-force attempts or DDoS tests. Just surface-level scanning and light probing using tools like OWASP ZAP, WPScan, Nikto, Nmap, or anything else you're comfortable with.
New Proposal
Login to your account and send a proposal now to get this project.
Log inClarification Board Ask a Question
-
There are no clarification messages.