What you get with this Hourlie
You will receive a detailed report, including:
• technical details of potential vulnerabilities,
• non-technical explanations of their potential impact,
• hands-on mitigation strategies to efficiently solve the issues.
The security assessment will check for the most critical web application security risks as listed by the Open Web Application Security Project (OWASP Top 10). Specifically, your application will be tested (amongst others) against:
• SQL, CRLF and OS command injection flaws,
• sensitive data exposure (username exposure, backup file exposure, etc.),
• broken access control,
• cross-site scripting (reflected XSS, persistent XSS, DOM-based XSS) and
• weak server-side security.
For an in-depth penetration test, please see my other gig (https://bit.ly/2JrtUt7).
What the Seller needs to start the work
For a successful assessment the following things are required:
1) The complete URL of the application under test, including any sub-paths that are in scope.
2) Proof that you own the URL to be tested.
3) Written authorization stating that you have engaged me to perform the penetration test against the target.
4) Disabling any Web Application Firewall running in front of the web application is recommended. If the WAF stays enabled, what is effectively tested is the security of the WAF and _not_ of your web application.
5) Please provide a non-production environment of your web application, as a full penetration test against a live system is strongly discouraged: it can cause increased latency or downtime. If no test environment can be provided, only a subset of the checks can be performed.