Concluído

Pentration testing of our web site

We would like an experienced person to perform penetration testing of our web site. this is the scope of work

This is very urgent.

Scope of Work.

The Freelancer will perform an Application Penetration Testing to identify vulnerabilities in applications residing on Customer’s networked systems that offer user or inter-process interfaces, such as web applications and “thick” clients. The Application Penetration Testing will examine Customer’s application’s components and technologies to identify vulnerabilities in systems, server systems, static content, and server-side programs that implement the application logic.

The Freelancer will identify common and more unique application flaws. The Freelancer will test for common application flaws, such as stack overflows and format string issues. In addition, The Freelancer will examine the application’s underlying design for unique vulnerabilities that may not be easily recognizable during a more superficial investigation.

The Freelancer will perform a variety of checks, based on industry-specific guidance, industry practices and standards. As determined necessary by The Freelancer, application components will be tested for improper configuration, session tracking weaknesses, encryption implementation and strength, input validation, flaws in server-side executables, and sensitive or unnecessary information within HTML content.

The Freelancer will perform application security testing of the Customer’s applications through automated web application scanning as well as manual application functionality testing. The Freelancer’s testing techniques will consist of:

· Input validation bypass – The Freelancer will remove client side validation routines and bounds-checking restrictions to confirm controls are implemented on application parameters sent to the server.

· SQL injection – The Freelancer will submit specially crafted SQL commands in input fields to validate input controls are in place for the protection of database data.

· Cross-site scripting – The Freelancer will submit active content to the application in an attempt to cause a user's web browser to execute unauthorized and unfiltered code. This test is meant to validate user input controls.

· Parameter tampering - The Freelancer will modify query strings and parameters, and hidden fields in an attempt to gain unauthorized access to user data or application functionality.

· Cookie poisoning – The Freelancer will modify data sent in cookies in order to test application response to receiving unexpected cookie values.

· User privilege escalation – The Freelancer will attempt to gain unauthorized access to administrator or other users’ privileges.

· Credential manipulation – The Freelancer will modify identification and authorization credentials in an attempt to gain unauthorized access to other users’ data and application functionality.

· Forceful browsing – The Freelancer will enumerate files located on a web server in an attempt to access files and user data not explicitly shown to the user within the application interface.

· Backdoors and debug options –The Freelancer will identify code left by developers for debugging purposes that could potentially allow an intruder to gain additional levels of access.

· Configuration subversion –The Freelancer will assess Customer’s web servers and application servers for improper configurations that could create attack vectors.

· Test Environments – Some Applications (as defined below) to be tested will be in a Customer test or development environment.

Habilidades: Segurança de computadores, Teste de Software, Testes / Garantia de qualidade, Testes de Usabilidade

Veja mais: testing web site, Develope project in vfp to access any pc throught internet by using our web site just like team viewers , application testing,web-site testing,webbased testing, penetration testing tutorial, network security testing tools, veracode penetration testing, top 10 security testing tools, pen testing companies, pentest, penetration testing tools, vulnerability testing tools, php, software testing, computer security, javascript, testing / qa, we do underground directional boring and design a simple 3 page web site, any web site to hire marketing person, web site testing beta testing various user scenarios, freelance job websites list application security penetration testing web site security

Acerca do Empregador:
( 12 comentários ) Sydney, Australia

ID do Projeto: #17291809

Concedido a:

azfar672

QA|Software|Security|Testing|QMR|Project Management|Scrum Master|Test Lead Software Testing for almost 10 years of experienced. - Experienced in Testing of Web, desktop, mobile Apps, (such as Iphone & Android Techno Mais

$22 AUD / hora
(25 Comentários)
4.8

9 freelancers estão ofertando em média $20/hora para esse trabalho

vihangaheshan

Hi, I can complete this task. Please share more details with me. We can have a chat for further discussion. Completed Msc in Cyber Security. I have two bachelor degrees (Networking and Computer Science). And I ha Mais

$22 AUD / hora
(18 Comentários)
4.1
xiqian88

Hello, Senior. How are you? I have experience 7+ years in developing .NET, Laravel, node.js, angular.js, react.js and Python Frameworks. Additionally, I have experience in Android and iPhone. I will work for you all Mais

$30 AUD / hora
(2 Comentários)
3.3
mirgorodskyev

Hello, I can take this job, the total fee is ~ 2500 $ Look my profile please, I ready to answer any your questions.

$22 AUD / hora
(2 Comentários)
2.2
AhmedAHakim1

I have been working as QC tester for around a year now, still junior but i can detect most bugs on your website.

$15 AUD / hora
(0 Comentários)
0.0
RameshMarand

Hello Mate, Hope you are doing well. We have highly experienced team of Testers who can surely help you in Penetration testing of your website. Here is our testing portfolio link:- http://www.shaligraminfotech.c Mais

$20 AUD / hora
(0 Comentários)
0.0
Fenil2283

i am qualified in CEH security exam . for long time am in this filed

$22 AUD / hora
(0 Comentários)
0.0
$16 AUD / hora
(0 Comentários)
0.0
itsallaboutcloud

Consolidating my past involvement in AWS,Azure Administration,Ethical Hacking, Incident Response, IT Security Governance, and Project Management with solid relational and correspondence capacities, I am sure that I ca Mais

$15 AUD / hora
(0 Comentários)
0.0