Conduct in-depth assessment of your web application's security

$363
Delivery in 5 days

What you get with this Hourlie

With this Hourlie you get an in-depth, extensive assessment (a black-box penetration test) of the security posture of your website or web application. The test is tailored to the technology stack underlying your application as well as to its business logic, so that logic flaws specific to your application are covered alongside the generic checks.

You will receive a detailed report, including:
• technical details of each identified vulnerability (affected component, reproduction steps and evidence),
• a non-technical explanation of its potential impact and
• hands-on mitigation advice so the issues can be fixed efficiently.

The security assessment covers the ten most critical web application security risks as defined by the Open Web Application Security Project (OWASP Top 10). Specifically, your application will be tested (among others) for:
• injection flaws (SQL, CRLF, OS command, LDAP, expression language, XPath, etc.),
• broken authentication (session IDs exposed through URL rewriting, session fixation, weak credentials and authentication mechanisms),
• sensitive data exposure (username disclosure, exposed backup files, etc.),
• XML external entity (XXE) attacks,
• broken access control,
• cross-site scripting (reflected, stored/persistent and DOM-based XSS) and
• server-side security misconfiguration.

For a quicker, less extensive penetration test at a reduced rate, please see my other Hourlie (https://bit.ly/2HhbudE).

Get more with Hourlie Add-ons

  • I can conduct a white-box assessment, i.e., a source code review of the security-critical sections of your application (authentication, authorization, input handling and data access)

    Additional 3 working days

    +$105
  • I can deliver all work in 1 working day
    +$62

What the Seller needs to start the work

For a successful assessment the following are required:
1) The complete URL of the application under test, including any sub-paths that are in scope.
2) Proof that you own the domain/URL to be tested.
3) A written authorization confirming that you have engaged me to perform the penetration test against that target. Testing without the owner's authorization is unlawful, so no work starts before this is received.
4) It is recommended that any Web Application Firewall (WAF) in front of the application be disabled for the duration of the test, or that the tester's source IP addresses be allowlisted in it. If the WAF stays enabled, what is effectively being tested is the WAF, _not_ your web application, and vulnerabilities that the WAF merely hides will remain unreported.
5) Please provide a non-production environment of your web application. A full penetration test against a live production system is strongly discouraged, as it can increase latency, cause downtime or corrupt production data. If no test environment can be provided, only the subset of checks that is safe to run against a production system can be performed.