Here Are 8 Very Important PHP Security Tips You Should Follow
PHP has the power to make or break your business. Here’s how.
...from a single panel, review activities, manage permissions and intervene when necessary. Security is the absolute priority. Two-factor authentication must be enabled by default on all accounts, including the Administrator's. Also ensure that good practices for encryption in transit and at rest are followed; I want complete audit logs and protection against injection or XSS attacks. I accept proposals that suggest the most appropriate stack (for example, Node.js + React, Laravel, Django or another robust solution) as long as they meet these essential points: • Distinct profiles: central Administrator, group leader and normal user ...
...and authentication control. Testing will focus on the following main web and app areas: OWASP-WSTG A01: Broken Access Control Testing of access controls to verify whether they are adequate and whether they can be bypassed. A02: Cryptographic Failures Verification of the use of cryptography, storage of sensitive data and secure transmission. A03: Injection Tests to identify SQL injection, XSS (cross-site scripting) and other injections. A04: Insecure Design Initial assessment of the application architecture to identify design flaws that could lead to vulnerabilities. A05: Security Misconfiguration Verification of configur...
...Deployment monitoring Continuous auditing of vulnerabilities in contracts (with bots and AI) Detection of honeypots, exploits, gas griefing, frontrunning 3. Backend and APIs Control and rate limiting of APIs (for traders, LPs, MMs and users) Monitoring of malicious traffic API firewall with bot detection Secure management of authentication tokens (JWT, OAuth) 4. Front-end Protection against XSS, clickjacking, CSP, session hijacking Integrity verification of front-end scripts Secure cache management 5. Infrastructure & DevOps Containers and microservices with observability Scalability with redundancy and failover Real-time alerts for anomalies and breaches M...
1. Objective Develop a system to manage the members of an association, allowing efficient management of registrations and ...according to the established hierarchy. 4.4. Reports and Queries Listing of active and inactive members. Reports by municipality, state and approval status. Data export (CSV, PDF). 5. Suggested Technologies Backend: Laravel. Database: MySQL Hosting: own server. 6. Security Requirements Access control by login and password. Protection against SQL Injection and XSS attacks. Activity logs for auditing. 7. Final Considerations The system must be responsive, intuitive and easy to use for all ...
...mobile application. Ensure that buttons, forms and screens are working correctly. Load and Performance Testing (K6, JMeter): Evaluate server performance under high demand. Identify bottlenecks and optimize API responses. Security Testing (OWASP ZAP, SonarQube): Check for vulnerabilities in authentication and data communication. Protect against SQL injection and XSS attacks. == Architecture Diagrams === Component Diagram @startuml package "Aplicação Kwenda" { [App Motorista] --> [API Backend] [App Passageiro] --> [API Backend] [Painel Gestão] --> [API Backend] [API Backend] --> [Banco de Dados] } @enduml === Diag...
System requirements Create an application in Ruby on Rails using a PostgreSQL database with the following specifications: ● User registration ◦ A user may be a friend of other users ◦ A user may be ...Good programming practices for RoR ("The Rails Way") ● Code standardization ● DRY ("Don't Repeat Yourself"), code reuse wherever possible ● Use of external plugins/gems ● Creation of a plugin for use in the application ● Use of user-friendly routes ● Data persistence ● Use of...
Required knowledge: • Native JavaScript, knowing when to build something from scratch or look for others' code, while being able to evaluate the pros and cons of using it. • Knowledge and use of AngularJS 6+ • Angular Material • Creation and maintenance ...retrieve information in a friendly way. • Develop client-side code to run animations, transitions, lazy loading, interactions and application flows, observing progressive enhancement and backward compatibility with earlier versions. • Ensure that back-end connections are secure, through Cross Origin R...
...code review. When you include POST/GET/REQUEST/FILE calls in your plugin, it's important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues. SANITIZE: Data that is input (either by a user or automatically) must be sanitized. This lessens the possibility of XSS vulnerabilities and MITM attacks where posted data is subverted. VALIDATE: All data should be validated as much as possible. Even when you sanitize, remember that you don’t want someone putting in ‘dog’ when the only valid values are numbers. ESCAPE: Data that is output must be escaped properly, so it can't hijack admin screens. There are many esc_*()...
...to identify and quantify the risks involved. 5.1. The Threat Modeling Process 6. The OWASP Top 10 2013 Vulnerabilities: Presents, defines and discusses each of the 10 most common vulnerabilities in Web Applications listed in the OWASP Top 10 2013. 6.1. A1: Injection 6.2. A2: Broken Authentication and Session Management 6.3. A3: Cross-Site Scripting (XSS) 6.4. A4: Insecure Direct Object References 6.5. A5: Security Misconfiguration 6.6. A6: Sensitive Data Exposure 6.7. A7: Missing Function Level Access Control 6.8. A8: Cross-Site Request Forger...
I would like a quote for a website for creating chat rooms: modern, secure, with a VIP account system (to sell), an emoticon shop (to sell), an area for advertisements, commands for users with admins and mods in the chat rooms, admin commands for chat administrators, secure against SQL injection, XSS and other types. Clean code, customized profiles, customized chat rooms, a powerful admin panel, and everything a chat community has.
...installed
Risk rating
Medium
Patch SUPEE-6788 fixes several issues: in some cases, hackers can steal your passwords and customer data. Released 27 October 2015
Security patch 6285 (XSS, RSS)
not installed
Risk rating
High
Patch SUPEE-6285 fixes a leak where hackers can take over customer sessions and download lists of order details from your store via the RSS feature. Released 07 July 2015.
Security patch 6285 (XSS, RSS)
no...
...Sixth: Security & Data: Full compliance with the Personal Data Protection Law (PDPL) in Saudi Arabia and National Cybersecurity Authority (NCA) standards. Encryption of all sensitive data (customer info, addresses, payments) using advanced protocols (e.g., AES-256) and securing connections via SSL/TLS. Security: Securing endpoints against attacks (SQL Injection, XSS) and using Two-Factor Authentication (JWT). Residency: Commitment to local data storage within Saudi Arabia as per regulatory requirements. Testing: Delivery of a report proving the system is free of security vulnerabilities, with Audit Logs for all sensitive operations. Support: Commitment to technical support and bug fixes for a period to be agreed upon.
...encryption of a web application. Testing will focus on identifying potential security risks and providing recommendations for remediation. Scope of Work: • Audit the Authentication/Authorization flow (JWT/Laravel Sanctum). • Test for IDOR and Broken Access Control between user accounts. • Audit API security (integrations with AI and Property Data providers). • Check for OWASP Top 10 vulnerabilities (XSS, SQLi, CSRF). • Check for Insecure Webhooks and Hardcoded Secrets Requirements: • Proven experience with Laravel security. A sample report of a penetration test which you have conducted recently would be preferable. • What are the certifications held by your company for penetration testing? • Ability to provide a detailed report with ...
I need a lightweight, web-based application that lets me assign tasks to each team member (one or more for a single task) and follow ... Hosting in cloud. 4. A short video or screenshare walk-through confirming every feature works. Acceptance criteria • I can add, edit, assign, and close tasks without page reload errors. • Login and logout flows are secure and session-based. • Dashboard updates reflect the latest status without manual refresh. • Code passes a quick vulnerability scan for common issues (SQL injection, XSS). If you already have a boilerplate you can adapt quickly, great—tell me. Otherwise, outline your proposed stack, timeline, and any questions you still have so we can get started. We are based in New Delhi. Local Developers pr...
...plugins or bloated builders Styling & Frontend Use SASS/SCSS for CSS development Deliver compiled and minified CSS & JavaScript Fully responsive and cross-browser compatible Performance Optimization Optimized page load speed Minified assets and optimized images Clean database queries Core Web Vitals–friendly setup Security WordPress security best practices Protection against common vulnerabilities (XSS, SQL injection, brute force) Secure configuration and file permissions SEO SEO-friendly HTML structure Clean URLs and proper heading hierarchy Schema-ready and performance-optimized for search engines Required Skills Strong experience with WordPress custom theme development Proven experience with ACF Experience with UnderStrap or Bootstrap-based themes PHP, HTML5...
...entry via virtual keyboard for at least two high-risk actions (password reset, resume download, account deletion). • Secure Logging and Audit – Log all critical actions (authentication, job posting changes, application status updates, admin moderation). – Logs must be tamper-evident using hash chaining or a private blockchain. • Defenses Against Attacks – Protection against SQL injection, XSS, CSRF, session fixation, and session hijacking. Data Storage Compliance – Passwords must be hashed and salted (bcrypt or Argon2). – Plaintext passwords must never be stored. – Sensitive documents must be encrypted with strict access control. • Scalability and Simultaneous Access – The system must support multiple concurrent...
...movie reviews and ratings • Admin can moderate or remove inappropriate reviews • Super Admin can manage admin accounts and enforce password rotation policies • Audit logs for all actions (logins, review submissions, deletions, role changes) • Notification system for suspicious login attempts Security Requirements (VERY IMPORTANT): • Protection against OWASP Top 10 vulnerabilities (SQL Injection, XSS, CSRF, SSRF, etc.) • Secure session management (HTTPOnly cookies, Secure flags, session timeout) • Password hashing using bcrypt/Argon2 with salting • TLS/SSL enforced for all communications • Input validation and output encoding on all forms • Encrypted data storage for sensitive information using AES • Tamper-evident logging a...
I need a security-minded developer to comb through the codebase of my web application, which mixes legacy PHP with a newer Python/Django API layer. A recent scan showed traces of hidden backdoors and the classic trio of injection issues—SQLi, XSS, and CSRF. Your first task is to locate and eradicate every backdoor, then patch the vulnerable entry points in both stacks without breaking existing features. Once the code is clean, I want the application redeployed to a fresh server image (Ubuntu-based) using best-practice hardening. After deployment, run functional and security regression tests so I can see proof that the patches hold under load and normal usage. Deliverables I must receive: • Sanitised source code with clear commit history • Brief report detailing e...
...and feature coding. First, I’d like you to perform a complete security audit: comb through every file, look for webshells or obfuscated code, review server logs, and check the configuration for common OWASP issues. Any backdoors you locate should be removed, and the vulnerable code that allowed them must be refactored. Next comes vulnerability patching. Parameterize raw SQL queries, neutralize XSS vectors, tighten CSRF protection, and update any outdated libraries—all while keeping everything framework-free and compatible with PHP 8.2 and MySQL 8. Once the codebase is clean, we’ll move on to secondary development. I have a short list of new modules and tweaks that build on existing functionality; you’ll receive detailed specs as soon as the system is de...
We are looking for an experienced Security Engineer / Penetration Tester to perform a pre-production security assessment of a web application. Tech stack Backend: Node.js (Express) Frontend: React Scope Black-box penetration testing against the live application Identification of OWASP Top 10 issues (XSS, SQLi, CSRF, IDOR, auth/session flaws) Authorization & RBAC testing (horizontal / vertical privilege escalation) Dependency security review based on provided files Review of security headers, cookies, and error handling Access Provided Application URL(s) Test user accounts (frontend & backend) Deliverables Security report with findings ranked by severity Clear remediation recommendations Re-test after fixes Requirements Proven experience securing Node.js and
...leaning toward Django because of its mature ecosystem and built-in security features, and I’d like the data persisted in a SQL database. Core features I must see working end-to-end: • Secure user registration, login, and role-based access • RESTful or GraphQL APIs that expose the app’s business logic • Thoughtful UI/UX that adapts smoothly to mobile and desktop • Solid security practices: CSRF, XSS, input validation, password hashing, HTTPS readiness • Performance-minded architecture that can scale without major rewrites Deliverables • React source with reusable components, hooks, and routing • Django project with modular apps, tests, and documented APIs • SQL schema migrations and seed data scripts • Deploy...
...similar—so future updates are painless. Acceptance criteria 1. User and driver apps install from the supplied APKs and pass through login, trip creation, tracking, and completion without crashes. 2. The admin dashboard reflects new and updated trips in real time. 3. All endpoints return the correct HTTP status codes, follow JSON standards, and are secured against common exploits (SQL injection, XSS, etc.). 4. Postman collection and a short read-me fully explain setup and usage. If you have solid experience juggling PHP, Kotlin, MySQL, and RESTful best practices, this should be a straightforward integration job with a quick turnaround....
...assigned tasks and modules Required Skills & Qualifications Strong proficiency in PHP with CodeIgniter (CI 3 / CI 4) Good knowledge of HTML, CSS, JavaScript, jQuery, AJAX Hands-on experience with MySQL / MariaDB Understanding of MVC architecture Experience with REST APIs (development & integration) Familiarity with Linux server environments Knowledge of basic security practices (SQL injection, XSS, CSRF) Experience with Git version control Ability to work independently in an onsite team environment Good to Have (Preferred Skills) Experience with Laravel (added advantage) Knowledge of React / Angular / Vue (basic understanding) Experience in eCommerce, ERP, CRM, or Government projects Exposure to AWS / Cloud hosting Understanding of performance optimization...
...users: • Register and log in securely • Create profiles, posts, and interactions (comments & "likes") • Receive real-time notifications The interface must be responsive so it is comfortable on both desktop and mobile browsers. Any tech stack is welcome (React, Vue, , Node.js, Laravel, Django, and the like) as long as it is stable, easy to scale, and comes with the reasoning behind its choice. Security (auth, encryption, XSS/CSRF protection) and performance are priorities. Deliverables: • Complete source code in a version-control repository • Database schema & migration scripts • Deploy-ready build for a Linux server • Installation and configuration documentation and a short usage guide Include a portfolio of similar projects and an estimate of the time required. I ...
...4s; CLS < 0.1; TTI < 5s; Page size < 1MB gzipped Optimization: Code-splitting by route, lazy loading, image optimization, tree-shaking, minification/compression, service worker caching, CDN 9. SECURITY REQUIREMENTS Auth: JWT Bearer, HttpOnly cookie storage, refresh, auto-logout on expiry Authorization: RBAC, permission checks, route guards, API interceptors Data Protection: HTTPS/TLS1.2+, CSRF, XSS prevention, input/output validation, CSP/secure headers Compliance: Audit logging, activity tracking, user action and auth-failure logs 10. DELIVERABLES BY PHASE Phase 1 (Weeks 1-3): Blazor setup (Web+MAUI), UI component library, layout/nav, auth pages, API service layer, state mgmt, responsive framework, CSS setup Phase 2 (Weeks 4-8): Dashboard, Requests (list/detail/create...
...NOT rely on unstable auto-generated artifacts. It must be solid and developer-friendly. Cross-Browser & Cross-Device Compatibility You will ensure the site: Works on latest versions of Chrome, Firefox, Safari, Edge Is responsive on desktops, tablets, and mobile devices Has graceful fallbacks for unsupported features Security Audit & Fixes Identify and patch typical vulnerabilities such as: XSS, CSRF, unsafe eval or inline JS Insecure dependencies Missing Content Security Policy (CSP) headers Improper input validation (if any user input exists) Testing Requirements Provide full testing along with documentation: Functional testing UI responsiveness testing Cross-browser testing Unit tests or integration tests where applicable QA checklist delivered with fin...
...Technical Specifications & Security • UI/UX: Modern, clean aesthetic using Tailwind CSS. Focus on fast load times and "glassmorphism" elements. • SEO & Speed: Implement Server-Side Rendering (SSR), schema markup for courses, and optimized image delivery. • Security: Enforce SSL throughout. All user data, especially wallet transactions and passwords, must be encrypted (Bcrypt/AES-256). Implement CSRF and XSS protection. 6. Admin Dashboard/User Dashboard • Management panel to upload videos, track revenue, manage user wallets, and monitor referral payouts. 7. - Framework: 14+ (React-based) - Language: TypeScript - Styling: Tailwind CSS + shadcn/ui - State Management: Zustand or Redux Toolkit - Animations: Framer Motion - Charts/Analytics: Rechar...
I already run a marketplace powered by the PhpProBid script and now I want a dedicated front end that lets buyers manage auctions smoothly on every major platform. The core is auction management: browsing listings, tracking favourites, setting prox...short video walk-through showing the app connected to a staging server. Acceptance criteria • A buyer can register/login, browse categories, view an item, place a bid and receive confirmation—all without page refreshes. • When a higher offer is placed from another client, push notification appears on the test device within 5 seconds. • Code passes basic security review (no SQL injection or XSS vectors). If you have proven experience with PhpProBid integrations or live auction apps, let’s talk timelines...
My website needs a thorough security health-check. I want an ethical hacker to attempt real-world attacks, document every weakness, and explain how to close the gaps. Standard black-box and grey-box techniques are welcome, and I expect coverage of common web threats—SQL Injection, XSS, broken authentication, misconfigured headers, insecure direct object references, and anything else you uncover. Please probe the live production instance (no staging mirror is available), but keep service disruption to an absolute minimum and notify me immediately if you hit a critical point where downtime is possible. Burp Suite, OWASP ZAP, SQLMap, Nikto, Nmap, or your preferred toolset are all fine as long as your methodology aligns with OWASP Top 10 and produces reproducible results. Delive...
...to identify security vulnerabilities, assess potential attack vectors, and receive clear technical recommendations to improve the overall security posture of the platform. This is a legitimate, authorized security assessment. Written permission will be provided if required. Scope: Reconnaissance and information gathering Web application vulnerability testing (OWASP Top 10) SQL Injection, XSS, authentication and session issues Brute force and rate-limiting tests (non-destructive) Input validation and form sanitization Controlled exploitation (no service disruption) Social engineering, phishing, and physical access are out of scope unless agreed in advance. Deliverables: Clear pentest report List of vulnerabilities with risk levels Proof of concept (when applica...
I am building a feature-rich auction site on SQL Server with a clean MVC architecture and need a developer who can deliver a fast, secure, mobile-responsive exper...server, SQL Server for persistence, clean REST endpoints for future mobile apps, and responsive front-end templates that adapt flawlessly to phones, tablets, and desktops. Acceptance criteria 1. All three portals load under two seconds on 4G. 2. A fresh listing can pass from Seller → Buyer auction → Admin payout without any manual database tweaks. 3. Security tests show no SQL injection, XSS, or auth bypass vulnerabilities. 4. Codebase is handed over in a well-documented repo with build instructions. If you have delivered similar high-traffic auction or marketplace systems, let’s discuss your ap...
...backend with API-driven microservices architecture Integrate video streaming (Cloudflare Stream, Mux, or AWS IVS) Implement AI features: intelligent search, content recommendation, AI assistant, summarization Ensure multi-language support (Arabic & English) Create a flexible admin dashboard for content and user management Optimize performance and Core Web Vitals Maintain security best practices (XSS, CSRF, SQL Injection prevention) Optional / Bonus: Experience with Low-Code tools (FlutterFlow, ) for rapid feature testing is welcome, provided the platform remains custom, scalable, and AI-integrated. Requirements: Proven experience in + React for production platforms Strong backend development skills (Node.js / NestJS / Laravel) Experience integrating AI APIs / LLM...
...can enable/disable subdomain per seller 10. UI/UX Requirements Instamart-style ultra-fast interface Minimal, clean, responsive UX Color option: White, Dark Green, Matte Black Highly optimized for speed & caching 11. Analytics & Reports Sales report (seller/category/HSN) Tax/GST report Delivery performance Seller acceptance metrics 12. Security & Compliance Secure payment integration XSS/CSRF protection Rate-limiting for APIs Indian data safety norms Encrypted PII handling New Advanced API Integrations (Mandatory) 14. GST Verification API Real-time verification Auto-fill business name, address, status Store GST data in KYC records Prefill invoice header 15. PAN Verification API Validate PAN via government-approved services Match PAN with name/D...
...Pages** - **Login/Register Pages** - **User Dashboard** - **Admin Dashboard** - **404 Error Page** ### 9. **Email Notifications** (Priority: MEDIUM) - Booking confirmation emails - Payment confirmation emails - Admin notifications for new bookings - Email templates with booking details ### 10. **Security Features** (Priority: HIGH) - Input validation and sanitization - SQL injection prevention - XSS protection - CSRF protection - Rate limiting - Secure session management - for security headers - Secure password storage - OAuth security best practices ### 11. **Image Management** (Priority: MEDIUM) - **Cloudinary integration** for image hosting - Image upload for tours - Image upload for blog posts - Image optimization and resizing - Multiple image support for tours ### 12. *...
Hi, I am looking for a .NET Code Security Expert: a professional specializing in building and auditing secure applications using Microsoft's .NET framework. The focus must be on secure coding practices, threat mitigation, secure design, validation controls, authentication/authorization, cryptography, and handling vulnerabilities like SQL Injection and XSS to protect against cyber threats, often certified through programs like CASE.NET. They integrate security throughout the Software Development Life Cycle (SDLC). Looking forward to your response. Regards, Dipak
...Complete a thorough security scan (manual review + preferred tools such as Drupal Security Review, OWASP ZAP, or your equivalent). 2. Pinpoint every SQL injection and XSS entry point left in the codebase or database. 3. Patch, update, or re-configure affected core files/settings, ensuring no functionality loss. 4. Provide a concise remediation report outlining: – Location of each vulnerability found – Exact fix applied – Recommended preventive measures for future deployments 5. Run final penetration tests to demonstrate that the site is clean and stable. Acceptance criteria • No detectable SQLi or XSS issues in automated scans and manual testing. • Site functionality intact across all existing user flows. • F...
...can extend over time, while keeping everything secure, scalable, and friendly on any screen size.
Security & accounts
The registration and login flow needs to use tried-and-tested password encryption (bcrypt or Argon2). No two-factor or biometric layers for now, but the architecture should leave room for me to add them later. Session handling must be immune to the usual threats: SQL injection, XSS, CSRF.
Player wallet
Each user keeps a real-time balance in a dedicated wallet table. I need deposit, withdrawal, and in-game debit / credit methods exposed through a simple API so that any future game can call them without touching business logic.
Game integration framework
Please wire the platform to recognise three game categories at launch:
• Slot games
• ...
...application flaws, and user-access control issues—before anyone else does. During the engagement I expect you to combine automated scanning (Nmap, Nessus, OpenVAS, Burp Suite or similar) with manual exploitation techniques so nothing slips through the cracks. That includes probing open ports and firewall rules, reviewing WHMCS hooks and custom modules for common web-app bugs such as SQL injection, XSS and CSRF, and testing privilege-escalation paths that could let an attacker pivot to root or other service accounts. If you spot bad crypto practices or misconfigured file permissions, highlight them too.
Deliverables:
• A concise executive summary plus a detailed technical report that maps every finding to a severity rating (CVSS preferred).
• Proof-of-concept e...
...Specific user and quiz-related API actions needed.
• CI/CD and deployment environment:
  • Details on preferred hosting and pipeline tools.
  • Access and environment setup information.
• Documentation and handoff format:
  • Preference for Swagger or Postman for API docs.
  • Format and duration for the handoff session or screencast.
Security expectations:
• Confirm level of security measures (CSRF, XSS, HSTS) and compliance requirements if any.
• Authentication flows (JWT, OAuth 2.0) and token expiration policies.
Analytics and reporting details:
• Metrics and reports expected at Physician and Super Admin levels.
• Types of filters, date ranges, and export features needed.
Budget and timeline confirmation:
• Budget li...
...staging environment along with any credentials or sample data you need. From there, please explore every feature, workflow, and edge case to confirm that everything works exactly as intended across modern browsers. At the same time, evaluate the user experience: navigation, layout, wording, and overall intuitiveness. Finally, put your security-tester hat on and probe for common vulnerabilities such as XSS, CSRF, and authentication or session issues.
Deliverables
• A concise test plan outlining your approach
• Detailed bug and issue log with reproduction steps, screenshots or recordings where helpful
• Severity ratings and prioritised recommendations
• A short usability summary highlighting friction points and suggested improvements
• Security fin...
...polish
Some TypeScript improvements needed
Missing database indexes
Rate limiting not implemented
No staging environment
Some RTL layout issues
What We Need:
1. UI/UX Optimization
Mobile-first redesign
Responsive layouts for all devices
User flow optimization
Loading states & animations
Form UX improvements
Accessibility (WCAG)
PWA features
2. Security
Full security audit
Fix vulnerabilities (XSS, CSRF, SQL injection)
Rate limiting & DDoS protection
Input sanitization
Dependency audit
3. Performance
Database optimization (indexes, N+1 queries)
Redis caching implementation
Bundle optimization
Core Web Vitals improvement
Image optimization & CDN
4. DevOps
CI/CD pipeline setup
Docker containerization
Monitoring & logging (Sentry, Grafana)
Automated backups
Stagin...