Conduct a rapid security audit of your web application.

$62
Delivery in 2 days


What you get with this Hourlie

With this hourlie you get a rapid, black-box penetration test of your web site or web application. It is tailored to situations where you need a quick assessment of your application's security, in particular after a security breach or when you have indications of vulnerabilities that an attacker could exploit. Black-box means the test is performed without source code or internal documentation, from the perspective of an external attacker.

You will receive a detailed report, including:
• technical details of each potential vulnerability, with the request or input that triggers it,
• a non-technical explanation of the potential impact, and
• practical mitigation steps to fix the issues efficiently.

The assessment checks for the most critical web application security risks as listed in the OWASP Top 10 (Open Web Application Security Project). Specifically, your application will be tested (among others) for:
• SQL, CRLF and OS command injection flaws,
• sensitive data exposure (username enumeration, exposed backup files, etc.),
• broken access control,
• cross-site scripting (reflected, stored/persistent and DOM-based XSS), and
• weak server-side security, such as insecure server configuration.

For an in-depth penetration test, please see my other gig (https://bit.ly/2JrtUt7).

What the Seller needs to start the work

For a successful assessment the following things are required:
1) The complete URL (including any relevant sub-paths) of the application under test.
2) Proof that you own the domain or application at that URL.
3) A written authorization stating that you have authorized and assigned me to perform the penetration test against this target. Testing without the owner's authorization is illegal, so the test cannot start without it.
4) It is recommended to disable any Web Application Firewall (WAF) running in front of the application for the duration of the test. If the WAF stays enabled, what is effectively tested is the security of the WAF and _not_ of your web application, and findings that the WAF happens to block today may resurface once a rule is changed or bypassed.
5) Please provide a non-production (staging or test) environment of your web application. A full penetration test against a live system is strongly discouraged, as it can cause increased latency, data corruption in the live database or downtime. If no test environment can be provided, only a subset of the checks can be performed.