Pruebas de Penetración Jobs

I run a set of paper-trading websites and companion mobile apps and I need a seasoned ethical hacker to put them through a full-scale penetration test right away. The single goal is to assess their overall security: break in if you can, show me exactly how you did it, and tell me how to close every gap you discover. You will have production-like credentials and enough time to perform reconnaissance, exploitation, privilege escalation, and post-exploitation analysis. I expect a concise report that ranks each finding by risk, reproduces the steps taken, and recommends clear fixes I can hand straight to my developers. Any tooling is fine—Burp Suite, OWASP ZAP, Kali Linux, custom scripts—so long as the results are thorough and defensible. I need this done ASAP, so please reply wi...

I want a full-scale penetration test carried out against my in-house mobile application suite, which is live on both iOS and Android. The goal is to uncover real-world attack paths, confirm their impact, and give my developers a crystal-clear remediation plan before our next public release. Scope • Assess the compiled apps as they stand in production, plus the traffic they generate with our back-end APIs. • Cover the OWASP Mobile Top 10 and any platform-specific issues unique to iOS or Android (e.g., keychain misuse, insecure storage, WebView hijack, exported components). • Test from the standpoint of an external attacker with no prior credentials; privilege-escalation paths up to an admin account should also be explored. What I need from you 1. A concise testing...

I’m looking for a seasoned ethical hacker to take a deep dive into my production-level web applications and help me harden them against real-world threats. The goal is straightforward: expose anything that could be exploited and give me clear, actionable steps to strengthen security. You’ll have full, authorized scope to simulate attacks just as a malicious actor would—SQL injection, cross-site scripting, authentication bypass, misconfigured cloud services, the works—while staying within the bounds of responsible disclosure. Modern tooling such as Burp Suite Pro, OWASP ZAP, Kali Linux and manual code-review techniques are welcome, provided every finding is thoroughly validated. Deliverables: • A comprehensive report that ranks each vulnerability by severity a...

I need a seasoned security specialist to dive into our online card-and-board-game platform and expose any path an ordinary player might use to escalate privileges through the interface. That is the single most critical outcome of this engagement. While you work, I also want you to examine the WebSocket layer—specifically its data-encryption implementation—to be sure that every message travelling between client and server stays confidential and tamper-proof. You’ll be looking at live traffic the same way a determined attacker would, so expect to spend time in Wireshark or a similar PCAP tool as you capture sessions, replay them, and probe for weaknesses. If deeper packet analysis or anomaly hunting becomes necessary, I’m open to extending the scope, but the first mi...

As we prepare to launch our online-security startup, I need a seasoned penetration tester to run a full-spectrum assessment that spans network, web and mobile layers. The scope touches every corner of our stack—cloud resources, the internal LAN, and the publicly exposed perimeter—so you’ll be diving into each environment with equal depth. Primary objectives • Expose and document vulnerabilities before launch • Provide clear, actionable fixes that bring us in line with relevant compliance frameworks • Cross-check findings with our in-house AI analytics so we can validate security controls continuously Deliverables • An engagement plan outlining tools, timelines and test boundaries • Hands-on testing covering: – Network infrastru...

pentest laravel webapplication

We need an independent third-party penetration test of our production SaaS platform to satisfy a SOC 2 control. We're looking for an experienced, certified penetration tester (OSCP / OSWE / GWAPT / CREST or equivalent) who can start immediately and deliver a professional, audit-ready report. TIMELINE — TIME-SENSITIVE: We need the testing performed and the final report delivered within 1 week of kickoff. Please only bid if you have current availability. ABOUT THE SYSTEM (full details and credentials shared under NDA with the selected tester): - Customer-facing web application: / React / TypeScript - Backend: Python / Django / Django REST Framework API - Authentication: Keycloak (OIDC) — username/password, social login, TOTP/MFA - Two supporting Python/Django microservices ...

I need a thorough penetration test focused exclusively on phones, with coverage for both Android and iOS devices. The goal is to identify real-world attack paths, verify exploitability, and provide clear, actionable remediation guidance. I expect you to approach this as a black-box engagement that mirrors an external attacker’s perspective, diving into areas such as code weaknesses, insecure storage, improper platform usage, and over-permissive network calls. Please plan to use industry-standard tooling and methodology—think OWASP Mobile Top 10 checks with MobSF, dynamic analysis through Burp Suite or mitmproxy, runtime instrumentation via Frida, and network traffic inspection with Wireshark—while documenting every finding with proof of concept evidence and reproducible ...

انتهيت تقريباً من تطوير موقعي الخدمي المبني على نظام مخصص يحمل اسم “Lovely”، وأحتاج الآن إلى عين خبيرة تتولى المرحلة الحاسمة قبل الإطلاق. المطلوب هو إنجاز الآتي: • تنفيذ اختبار اختراق (Pen-Testing) شامل يحدد أي ثغرات ويسلّم توصيات قابلة للتنفيذ. • تحليل الشيفرة المصدرية للتأكد من جودة الكود وامتثاله لأفضل ممارسات الأمان. • مراجعة إعدادات الخادم (Firewall، SSL/TLS، Headers، DNS وغيرها) وضبطها نهائياً. بعد إقفال المسائل الأمنية أريد متابعة دعم لمدة شهر بعد الإطلاق: الردّ على الأحداث الطارئة، تطبيق التحديثات والتحسينات الصغيرة، وتقديم نصائح دورية للحفاظ على الأداء. هناك فكرة مطروحة بسحب بيانات الموقع إلى منصة جاهزة بديلة؛ أود سماع رأيك المهني أولاً قبل اتخاذ قرار الانتقال من البنية الحالية. سلّم لي في نهاية العمل: 1. تقرير مفصل عن الثغرات والإصلاحات. 2. ...

Our BGMI (Battlegrounds Mobile India) infrastructure occasionally freezes when traffic surges. I want to put a permanent stop to that by building a preventive DDOS shield that covers every critical touch-point—login, in-game communication, and matchmaking. You will begin with a quick audit of the existing network layout and traffic patterns, then design and deploy a solution that blocks volumetric and application-layer attacks before they can overwhelm the servers. I expect minimal additional latency for legitimate players, clean documentation of every rule or service introduced, and a repeatable playbook I can apply to new nodes as we scale. Deliverables • Security architecture diagram and written rollout plan • Hardened configurations applied to the login, game, a...

Long-Term Full Stack Developer ( / React / TypeScript) + Security Mindset We are looking for a proactive Full Stack Developer to join a growing maritime software startup for an intensive one-month engagement, with a strong possibility of transitioning into a long-term role. The application is already well advanced. The goal is to spend the next month strengthening the platform, eliminating weaknesses, improving security, refining workflows, and preparing the product for production deployment. Current Technology Stack * Frontend: , React, TypeScript * Backend: API Routes, Server-Side TypeScript * Database Layer: Repository Pattern (currently local/demo data, production database integration planned) * Authentication: Role-based access control, demo users, private portal workflows * Inte...