I need a one time security scan of a web application and the server the application is running. What needs to be scanned and reported on in a nice Word doc is: * blackbox (mainly): check if it is possible to break into the web application, or the (web) server (i.e. sql injection, code injection, too much rights, etc) * short scan of the php code, the IIS settings and file level permission settings to analyze for risks. (you'll be given RDP admin access to check this) Please let me know what you'll be scanning and what your price is. The webapp is about 15 users and admin pages for selling tickets. It should be max 1 day of work. Bids without any info on what will be checked for and info on relevant expierence will be ignored. As a small test, the best 3 candidates will get a example of a past break in and they should explain how it was possible.
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).
Windows 2003 server,IIS, PHP, access database