Penetration Testing Jobs

I want my Flutter app thoroughly tested against the OWASP Mobile Security Testing Guide so I can certify it has zero security bugs. For this engagement I’m concentrating specifically on Authentication—everything from credential handling to session management. Key points • Scope: full review of authentication workflows in the current production build of the Flutter app (Android + iOS). • Standard: follow the official OWASP methodology; no additional in-house policies need to be considered. • Deliverables: – Executive summary highlighting discovered issues (ideally none) and overall risk posture. – Detailed technical report with proof-of-concept steps, affected code paths, and recommended fixes for every finding. – Retest results ...

I’m building a security stack on Ubuntu machines and need someone to set up the full pipeline for me. Nothing is installed yet, so the work starts from a clean slate. First, install the Wazuh server with its web dashboard on an Ubuntu host, making sure the Elastic components come up healthy and ready for custom indexes. Then deploy Wazuh agents on the remaining Ubuntu endpoints. Next, install Suricata IDS/IPS on those same agents, configure the correct rule sets, and ensure its alerts are forwarded into Wazuh so I can view and search them inside the Wazuh dashboard in near-real time. Please expose at least one sample dashboard or index pattern showing that Suricata events are mapping correctly. Finally, clone and build Gatekeeper from , integrate it with Suricata, and demonstrate ...

Project Title: End-to-End Penetration Testing (Web + Mobile + API) for Tele-Consultation & Hospital Management Platform Project Overview We are seeking an experienced cybersecurity professional or firm to perform a comprehensive Vulnerability Assessment and Penetration Test (VAPT) on our digital health ecosystem. The system consists of a Flutter-based mobile app (Android/iOS) and a web portal hosted on AWS. The goal is to conduct a real-world attack simulation and identify vulnerabilities across all layers—network, application, and data. Scope of Engagement The engagement will cover end-to-end testing for the following assets: Web Applications [Link 1]: Patient, Doctor, and Hospital portals [Link 2]: Admin panel for internal management [Link 3]: Admin dashboard (explicitly...

I need a seasoned security team to perform a full-scale Vulnerability Assessment and Penetration Test (VAPT) on our AI-driven platform. The product sits at the heart of our organisation and is tightly integrated with an ERP suite plus several smaller services, so I’m primarily interested in uncovering overall system vulnerabilities that could compromise data, models, or business workflows. The scope includes every live environment we operate—web front-end, API layer, model-serving infrastructure, and the ERP touchpoints. I expect the exercise to mirror real-world attack paths, leverage both classic OWASP techniques and AI/ML-specific vectors, and probe the trust boundaries created by the ERP integration. To succeed here you must be able to reference prior VAPT projects of com...

Project Title: End-to-End Penetration Testing (Web + Mobile + API) for Tele-Consultation & Hospital Management Platform Project Overview We are seeking an experienced cybersecurity professional or firm to perform a comprehensive Vulnerability Assessment and Penetration Test (VAPT) on our digital health ecosystem. The system consists of a Flutter-based mobile app (Android/iOS) and a web portal hosted on AWS. The goal is to conduct a real-world attack simulation and identify vulnerabilities across all layers—network, application, and data. Scope of Engagement The engagement will cover end-to-end testing for the following assets: Web Applications [Link 1]: Patient, Doctor, and Hospital portals [Link 2]: Admin panel for internal management [Link 3]: Admin dashboard (explicitly...

My production server has picked up malware and I need it wiped clean fast. The job starts with a forensic sweep to locate every infected file or process, moves on to complete removal, then finishes with hardening so the threat stays out. I’ll confirm the exact OS once we connect, but please be ready to work on either a typical Linux or Windows Server stack. What I expect: • A live assessment that pinpoints the infection source and scope • Full eradication of malware/viruses without taking the server offline for long • Security patches, firewall rules, and intrusion-detection tools put in place • A short, clear report detailing what you found, what you did, and any steps I should take next Verification will be done with a trusted scanner of your choice (C...

I’m looking for an experienced cybersecurity professional to carry out a focused security audit on my environment. The primary objective is to identify vulnerabilities that could expose our data, users, or infrastructure to risk. Scope • Perform a comprehensive assessment of configuration, access controls, and exposed services across the in-scope systems. • Verify findings through safe exploitation techniques where appropriate, gathering clear evidence for each issue. • Prioritize every weakness by severity and potential impact, highlighting quick-win fixes alongside longer-term recommendations. • Deliver a concise, reader-friendly report that includes an executive summary, technical details, and step-by-step remediation guidance. What I will provide &...

I need a comprehensive vulnerability assessment of my website’s application layer so I can pinpoint any security weaknesses before they are exploited. The focus is strictly on application security—network-level checks are out of scope. During the engagement you will probe common and advanced attack vectors (injection flaws, authentication bypass, XSS, insecure direct object references, misconfigurations, etc.) using industry-standard tools and manual techniques. All testing must respect production stability; disruptive tests should be scheduled or simulated in a safe manner. Deliverables • Executive-level summary highlighting overall risk • Technical report enumerating each finding with CVSS (or comparable) severity, clear reproduction steps, screenshots or PoC co...

Please read the attached document .I’m putting together a small Capture-the-Flag exercise and need a web-based challenge that revolves around an intermediate-level SQL Injection vulnerability running on a MySQL back-end. The goal is a concise, self-contained project that players can spin up quickly, find the injection point, extract the hidden flag, and shut it down again without extra setup headaches. What I expect from you Only one main exploit path. Keep privilege escalation/boot-to-root complexity out. Vulnerabilities must be realistic (OWASP style) and plausible in real pentests. No destructive or malicious code. No backdoors or code that attempts to harm evaluation systems. No plagiarism. The submission will be rejected if it replicates an existing public challenge. Pr...

My Windows Server has been hit by ransomware that encrypted core system files (.exe, .dll). I have no usable backups or restore points, so I need a clean, working decryption solution—ideally one that restores every affected file without forcing a full system rebuild. Here’s what I’m looking for: • Identify the exact ransomware strain and locate the encryption routine or key. • Decrypt all system-critical files so the server can boot and services can run normally. • Provide a concise, step-by-step report of the actions you take and any tools used (e.g., IDA, Ghidra, specialized decryptors). • Recommend immediate hardening steps to reduce reinfection risk once the server is back online. I can supply samples of the encrypted .exe/.dll files and ...

I run a production web application that stores sensitive user data and I need fresh, expert eyes on the way we handle log-ins, sessions, and permissions. Your task is a focused penetration test that digs into every corner of our authentication and authorization flow. Think login endpoints, MFA logic, password-reset, session tokens, role escalation—the usual weak spots that end up on OWASP lists. I will give you staging credentials and any architecture notes you need, then step back so you can map, probe, and attempt to break the system exactly as a determined attacker would. Please use industry-standard tooling (Burp Suite, OWASP ZAP, custom scripts—whatever you trust) and document each step clearly so we can reproduce and patch. Deliverables • A concise, executive-lev...

My Android handset shows clear signs of compromise—unexplained battery drain, pop-ups I never installed, and contacts reporting strange messages from my number. I need a cybersecurity specialist to: • Remotely collect and analyse device logs (logcat, ADB, mobile-forensic tools) to confirm the breach source. • Pinpoint how the attacker gained access and what malicious apps, backdoors, or configuration changes are present. • Protect the two data areas I care about most: personal photos & messages and all stored or synced account passwords/credentials. • Clean the device or guide me through a full, verifiable wipe and secure re-installation of the OS if required. • Deliver a concise incident report detailing findings, actions taken, and clear next-s...

I’m looking for an experienced, strictly white-hat security professional to run a thorough audit of our existing defences. We already have comprehensive systems in place, yet I want an independent assessment that digs deeper than our routine checks. Scope The engagement must cover three key layers: network security, web application security, and endpoint security. I expect you to evaluate how these layers interact, identify any overlooked gaps, and verify the effectiveness of current controls without disrupting live services. Methodology Use recognised, non-intrusive techniques that align with best-practice frameworks (e.g., NIST, OWASP). Tool choice is up to you—Burp Suite, OWASP ZAP, Nmap, or similar—as long as every test remains within white-hat boundaries and is...

Buscamos Ingeniero Colombiano en Ciberseguridad con certificación CEH vigente (por proyecto) Estamos en la búsqueda de un profesional certificado en CEH (Certified Ethical Hacker) EC- COUNCIL vigente, para participar en un proyecto de licenciamiento y fortalecimiento de ciberseguridad. Se trata de una participación por proyecto para aportar su conocimiento en seguridad ofensiva y auditoría de vulnerabilidades. Requisitos: Certificación CEH (EC-Council) vigente. Experiencia demostrable en ciberseguridad o pruebas de penetración.

需要精通网络安全技术和渗透技术，因为得确保网络安全和用户安全

Saya memiliki sebuah aplikasi desktop yang stabil secara fungsional, namun aspek keamanannya masih belum memuaskan. Fokus utama proyek ini adalah peningkatan fungsionalitas khusus pada keamanan sistem: saya ingin menutup celah kerentanan, memperkuat autentikasi, dan memastikan data tersimpan serta ditransmisikan secara terenkripsi. Gambaran pekerjaan • Audit kode sumber yang ada untuk mengidentifikasi potensi celah keamanan. • Rancang dan terapkan perbaikan—mulai dari hardening konfigurasi, input validation, sampai enkripsi data in-rest dan in-transit. • Tambahkan lapisan autentikasi dua faktor dan logging yang memadai untuk keperluan forensik. • Lakukan penetration testing pascapenerapan dan serahkan laporan uji lengkap beserta rekomendasi lanjutan. &b...