Find Jobs
Hire Freelancers

Web Security Testing

$30-100 USD

已关闭
已发布将近 5 年前

$30-100 USD

货到付款
We have a website with a IIS web frontend and SQL database on the backend. We will conduct a web security test of the site. We need a tool, collection of tools or custom scripts to conduct the test. We also need a playbook of how to conduct the test with syntax, click scripts and notes. The testing must be based on OWASP top 10 or other web security framework. Web tests should include injections (SQL, command, HTML), authentication (session/token stealing, auth. bypass and priv. escalation, replay), XML attacks (XXE), XSS, common IIS misconfigurations, directory traversal/crawling, SSL sniffing, Man-in-the-Middle attacks, memory attacks (buffer overflow), Denial of Service, and fuzzing. The tools or scripts must be open source, available or provided as part of the project. The actual web testing will be conducted in house, we do not need you to perform any actual testing.
项目 ID: 19118125

关于此项目

11提案
远程项目
活跃5 年前

想赚点钱吗?

在Freelancer上竞价的好处

设定您的预算和时间范围
为您的工作获得报酬
简要概述您的提案
免费注册和竞标工作
11威客以平均价$122 USD来参与此工作竞价
用户头像
Hi there! May Peace Be Upon You !! I am a certified ethical hacker and pen tester. I just love hacking and breaking the rules, but don’t get me wrong as I said I am an ethical hacker. @Certified at Ethical Hacking @Certified at WEB APP SECURITY FUNDAMENTALS @Certified at Website Hacking / Penetration Testing @Certified at Cyber Security Forensics Main Skills: Penetration Testing, Web Application Security. Social Engineering, Red team assessment, Ethical Hacking & Countermeasures, Malware Analysis. I provide a variety of security services including white/black hat penetration testing, network and host auditing, Policies and Business Impact Analysis. I will do OWASP Top 10 Application Security Pentesting. A1:2017-Injection A2:2017-Broken Authentication A3:2017-Sensitive Data Exposure A4:2017-XML External Entities (XXE) A5:2017-Broken Access Control A6:2017-Security Misconfiguration A7:2017-Cross-Site Scripting (XSS) A8:2017-Insecure Deserialization A9:2017-Using Components with Known Vulnerabilities A10:2017-Insufficient Logging&Monitoring Please Contact me anytime if you are really looking forward to the quality and world-class work delivered to you. It will be a pleasure to work with you. See you online and have a great day! Warm regards, Shofiur
$250 USD 在10天之内
5.0 (18条评论)
5.5
5.5
用户头像
Hello Hope you are doing well. I have 6 years of experience in Linux and Web security. I can do this web security testing. Regards VishnuLal*
$100 USD 在10天之内
4.8 (33条评论)
5.0
5.0
用户头像
Hey there, I have been in the Information Security arena for years. I had conducted tons of Penetrations Tests. I can help you selecting the appropriate tools. Regards.
$100 USD 在10天之内
5.0 (13条评论)
4.7
4.7
用户头像
Have 5+ years of experience in both black box and white box testing penetration testing. Perform VAPT(Vulnerability and penetration testing) services like Web-Application penetration testing; System Application penetration testing; Mobile application penetration testing; Network application penetration testing; social engineering penetration testing etc. Conduct penetration testing in a systematic approach. Follow the standard methodology of the industry like OWASP Testing Guide v4(OTGv4) ; SANS top 25; NIST SP 800-115; PCI DSS to perform penetration testing so that client can concentrate on their professions without worrying about security threats. Web Application Testing: Do web application penetration testing with the latest methodology like OWASP Top-10, SANS Top-25. Perform both manual and automated penetration testing for vulnerabilities like Injection flaws(such as SQL, NoSQL, OS, and LDAP injection etc),Broken Authentication, Sensitive Data Exposure,XML External Entities (XXE), Broken Access Control,Security Misconfiguration, Cross-site scripting(XSS), Insecure Deserialization, Using Components with Known Vulnerabilities,Insufficient Logging & Monitoring. Also perform source code reviews for many technologies like java, .NET, PHP etc. Approach for Manual Web-Application Penetration Testing: Conduct manual testing with following controls: * Configuration and Deployment Management Testing * Identity Management Testing * Authentication Testing * Authorization Testing
$111 USD 在2天之内
5.0 (9条评论)
4.4
4.4
用户头像
Hello Sir/Madam, I am a highly experienced and skilled cyber security consultant. I have 9 years of experience in the navy as a network and information security officer. Also i have experience as a freelancer. I have Master Degree and PhD. candidate on Computer Engineering and Cyber Security. If you awarded me with your project i will not test your website with tools. I will also perform manuel tests to hijack your web site. After the first test i will give you a 2 week time to recover your web site then i will perform one more free test to see if the detected vulnerabilities are recovered. If you are interested in my proposal please contact with me on live chat. Also if you need, i can send you some of my sample works. I see that there are cheaper Freelancers than me, but you can be sure that you will be satisfied with my services. If you prefer a cheaper service anyway, i can omit manuel tests and test with your website only with automatic tools. Regards.
$150 USD 在7天之内
5.0 (1条评论)
2.7
2.7
用户头像
This my contact 21969682726, i am have certificate of Udemy if necessary. I am new in Freelancer, but i am promise give my best.
$156 USD 在10天之内
0.0 (0条评论)
0.0
0.0
用户头像
Dear sir or Madam I you will have to start out with building a lab vb or vmware there are a lot of tools once you get the lab up you can download the kali linux or blackbox or even samurai these are all os systems they carry all the tools you will need I use kali linux and samurai are the two i use the most for the tools you can run the scans your self but the scans can only do so much you will have to hack code by hand depending on the type of injection you wish to yous or sql injection same thing first start by search for weakness of your system your are testing the iis and the mysql version their are a lot of sheets you will have to read threw them all and find the weakness of the system then you will test for the others most great test's are hand coded test it is just go to github and get the white-sheets they have a couple hundred sheets I have a couple on my github site and you will also have to test blind injection which is all blind coding to see if their is a issue in that area the list is pretty long on what you will need to learn best of luck to you sir or madam
$72 USD 在10天之内
0.0 (0条评论)
0.0
0.0
用户头像
I founded the Open Web Application Security Project (OWASP) San Diego Chapter 14 years ago. I have been providing security consulting since 1994 and have the following qualifications: CISSP CISM COBIT ITIL SANS Mentor CISSP Founder San Diego OWASP Founder San Diego Cloud Security Alliance
$111 USD 在2天之内
0.0 (0条评论)
0.0
0.0
用户头像
I will perform the static, dynamic and manual assessment with number of open source tools. Also I will verify the issue manually and provide the good remediation to fix the issue. At last day I will provide the good assessment report with details description and proof of concept.
$111 USD 在10天之内
0.0 (0条评论)
0.0
0.0

关于客户

UNITED STATES的国旗
West Linn, United States
0.0
0
付款方式已验证
会员自4月 2, 2019起

客户认证

谢谢!我们已通过电子邮件向您发送了索取免费积分的链接。
发送电子邮件时出现问题。请再试一次。
已注册用户 发布工作总数
Freelancer ® is a registered Trademark of Freelancer Technology Pty Limited (ACN 142 189 759)
Copyright © 2024 Freelancer Technology Pty Limited (ACN 142 189 759)
加载预览
授予地理位置权限。
您的登录会话已过期而且您已经登出,请再次登录。