I am reaching the last phase to improve the security of my website.
First phase: An audit to show the shortcomings.
Second phase: Improving the shortcomings; this phase is going on right now.
Third phase: Check the improvements to see if the website is secure.
Thus for this third phase I am looking for a Certified Ethical Hacker or a real expert, who can check whether the improvements are implemented successfully.
I have a detailed audit report with the shortcomings, so it will be relatively easy to check it. I will forward this to you after accepting the bid.
But the areas to check are "Web application penetration testing", with the following issues:
1. Web server version revealed banner [Informational]
2. Auto complete enabled on login page [Low]
3. Session cookie set before authentication [Low]
4. Cross Site Scripting (throughout the entire site) [Medium]
5. Privilege escalation [High]
6. SQL injection (throughout the entire site) [High]
7. Authentication bypass through SQL injection [High]
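For the retest of the three low-severity items (1 to 3), the checks can be run offline against a captured response. The following script is an added illustration, not part of this request or its audit report; the headers, cookie name and login form it inspects are constructed sample data.

```python
import re
from http.cookies import SimpleCookie

# Constructed sample: an unauthenticated GET of the login page as captured
# before remediation (hypothetical values, not taken from the audit report).
SAMPLE_HEADERS = {
    "Server": "Apache/2.2.14 (Ubuntu)",
    "Set-Cookie": "PHPSESSID=abc123; path=/",
    "Content-Type": "text/html",
}
SAMPLE_BODY = """
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
</form>
"""

def banner_reveals_version(headers):
    """Finding 1: the Server header still carries a version number."""
    return bool(re.search(r"\d+\.\d+", headers.get("Server", "")))

def autocomplete_enabled_on_login(body):
    """Finding 2: a password field without autocomplete="off"
    (a form-level autocomplete="off" also counts as fixed)."""
    if re.search(r'<form[^>]*autocomplete\s*=\s*["\']?off', body, re.I):
        return False
    for tag in re.findall(r"<input[^>]*>", body, flags=re.I):
        if re.search(r'type\s*=\s*["\']?password', tag, re.I):
            if not re.search(r'autocomplete\s*=\s*["\']?off', tag, re.I):
                return True
    return False

def session_cookie_before_auth(headers,
                               session_names=("PHPSESSID", "JSESSIONID", "ASP.NET_SessionId")):
    """Finding 3: a session cookie is issued on an unauthenticated response."""
    cookie = SimpleCookie()
    cookie.load(headers.get("Set-Cookie", ""))
    return any(name in cookie for name in session_names)

def retest(headers, body):
    """Map each finding to True if it is still present, False if fixed."""
    return {
        "1_banner_version": banner_reveals_version(headers),
        "2_autocomplete": autocomplete_enabled_on_login(body),
        "3_session_cookie_pre_auth": session_cookie_before_auth(headers),
    }

if __name__ == "__main__":
    for finding, present in retest(SAMPLE_HEADERS, SAMPLE_BODY).items():
        print(f"{finding}: {'STILL PRESENT' if present else 'fixed'}")
```

The remaining findings (XSS, SQL injection, privilege escalation) need manual verification against the report's specific entry points and are not covered by this check.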
Because a lot of work has been done already and a detailed report is available, I expect a maximum bid around 100 - 150 USD. A lower bid, with proven experience in this area, gives you of course a better chance.
You can start right away, because points 2, 3, and 6 are already done; the other points are expected to be delivered by the end of this week.
My intention is to test this frequently, thus in case you deliver good work.......
Looking forward to seeing your bid.
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).