渗透测试 Jobs

我手上有一个具体的网页游戏站点，需要对它进行一次聚焦性的安全测试。目标是找出并复现「访问控制漏洞」，并最终提供一份可复用的脚本或小程序，帮助我在之后的版本中快速验证漏洞是否仍然存在。 重点说明 1. 站点类型：网页游戏。 2. 漏洞方向：我最关心的是访问控制层面的缺陷。 3. 其他说明：提问时我把“特定游戏网站”写在了漏洞类型一栏——请以此理解为“目标已锁定的单一站点”。 交付物 • 渗透测试步骤与发现过程的技术报告（含关键截图、复测方法）。 • 可执行的 PoC 脚本 / 程序，要求： – 一键运行即可验证漏洞是否存在； – 控制台输出清晰，必要时附使用说明。 合作须知 • 所有测试必须在我授权的演示环境中进行，严禁对正式生产环境造成干扰。 • 请在开始前与我确认测试窗口与目标域名。 • 代码可用 Python、Go 或您擅长的语言编写，只要依赖简单、易复现即可。 如果你在网页游戏安全、访问控制绕过或自动化 PoC 编写方面有成熟经验，就联系我讨论更多细节。

Saya mencari ahli yang dapat memberi saya konsultasi keamanan jaringan yang solid untuk lingkungan Perbankan dan Keuangan. Fokus utama saya adalah menilai postur keamanan saat ini, mengidentifikasi celah kritis, lalu merancang rencana mitigasi yang praktis dan siap diterapkan. Ruang lingkup singkat: • Meninjau arsitektur jaringan dan kebijakan akses yang sudah ada. • Melakukan analisis kerentanan tingkat jaringan serta pengujian penetrasi terbatas bila diperlukan. • Menyusun laporan risiko beserta rekomendasi prioritas (best practice, kepatuhan regulator, dan langkah cepat yang dapat diambil tim internal). • Sesi diskusi online untuk memaparkan temuan dan menjawab pertanyaan tim IT saya. Saya menghargai komunikasi jelas, dokumentasi terstruktur, dan pendekatan p...

A full-scope penetration test is required on my production web application with special attention paid to authentication and authorization workflows, input validation and sanitization routines, session management, and any additional vectors you deem necessary for a modern OWASP-aligned assessment. Automated scanning is welcome, yet the emphasis should remain on thorough manual exploitation using tools such as Burp Suite, Kali Linux, or equivalents, so that business-logic flaws are uncovered alongside technical ones. Please include a redacted sample or concise summary of past work that demonstrates report structure, depth of findings, and remediation guidance. No other application materials are necessary at this stage. Deliverables expected: • An executive summary and detailed ...

I’m ready to give you full access to our live, multi-tenant transportation SaaS, and I need a complete quality audit finished as soon as possible—no later than 20 business days after the NDA is signed. What I expect you to cover • Functional depth first: 13 individual modules (booking, dispatch, driver tracking, pricing, invoicing, SMS/email marketing, and the rest) must be exercised in real-world workflows for all six user roles. • Security with special focus on tenant-to-tenant isolation. Authentication, authorization, injection vectors, and PCI areas still need attention, but isolation is the non-negotiable baseline. • Load and performance baselines under realistic concurrency. • Usability feedback from the perspective of each role. • Cr...

Saya membutuhkan sebuah script pengujian keamanan khusus untuk VPS DigitalOcean yang saya kelola. Fokus pengujian adalah pada ketahanan layanan terhadap serangan DDoS sehingga saya bisa menilai seberapa cepat server melambat, titik kegagalan, serta parameter yang perlu dioptimalkan. Ruang lingkup yang saya harapkan: • Menulis script (bash atau python) yang dapat mensimulasikan traffic DDoS secara terukur—misalnya melalui flood HTTP/HTTPS atau UDP—tanpa merusak sistem file atau mengeksekusi payload berbahaya. • Opsi konfigurasi agar saya bisa menentukan durasi, intensitas, dan jenis traffic. • Log real-time dan ringkasan hasil (CPU, RAM, bandwidth, response time) setelah pengujian selesai. • Panduan penggunaan singkat: cara menjalankan, parameter apa s...

请注册或者登录后来查看详情。

I need an experienced security expert to evaluate the network layer of our multiplayer game infrastructure. This evaluation is limited to penetration testing and does not include reverse engineering or anti-cheat development. The evaluation must cover three core activities: port scanning (mapping all exposed services), vulnerability scanning (identifying exploitable weaknesses), and intrusion detection testing (evaluating the responsiveness of our current monitoring systems to actual attack patterns). Vulnerability reproduction needs to be written into a simple user interface script. You will be using a test copy of the production environment for the evaluation, which includes the login server, matchmaking server, and in-game transaction server. Upon completion of the testing, I expect to...

Project Brief (Summary): Authorized Token Exposure Testing Platform Goal Develop a security testing tool to identify insecure handling of API tokens, session tokens, and credentials in web apps and APIs— Mainly Telgram HTTP API tokens Core Functions Scan for phishing websites…, - Traffic Analysis: Inspect and replay HTTP requests to detect tokens in headers, cookies, and responses - Client-Side Scanning: Identify tokens or secrets in JavaScript, LocalStorage, SessionStorage, and frontend code - Endpoint Discovery: Map API endpoints and classify authentication requirements - Token Inspection: Decode and analyze JWTs (expiry, scope, sensitivity) - Auth Testing: Validate whether APIs correctly enforce authentication and authorization - Offline Analysis: Support...

I’m enrolled in an online security course and the Capture-the-Flag component is very challenging. Your role is to coach me through these CTF tasks, sharpening technique rather than simply handing over flags. During live screen-share sessions, I want you to help me: - navigate through multiple machines and OS (Windows and Linux) - navigate various exploits (metasploit, kali) basd on the unique machine environment - navigate different clues and dead ends We can schedule focused virtual meetings around specific machines and exploits and walk through challenges. If this sounds like your kind of deep dive, let’s connect and plan the first walkthrough.

I need an experienced security professional to spend time in our Delhi NCR office and harden every layer of our development environment, starting with the laptops my engineers use daily. Immediate focus – securing laptops Please arrive ready to implement or advise on: • Prevent data/code leakage • Restrict USB, file sharing, and all external uploads • Control developer access with screen recording Activity monitoring is the key restriction I want enforced from day one. You may bring your own preferred EDR/DLP toolset or work with ours; what matters is that the controls are provably effective and centrally managed. Broader scope during the same engagement Once the endpoints are locked down, I’ll move straight to: – Rolling out Data Loss Preve...

We are a startup working on a highly confidential and private internal project. Due to the sensitive nature of this initiative, we require a highly experienced Cybersecurity Specialist with strong expertise in advanced security testing and simulation techniques. This is not a basic vulnerability scanning or standard assessment role. We need an expert capable of performing comprehensive, advanced-level security testing against robust environments while maintaining complete confidentiality. Project Duration: 2 to 3 months (possible extension based on project needs) Compensation: ₹3,00,000 per month (premium budget for the right expert with proven advanced skills) Key Requirements: 5+ years of hands-on experience in advanced cybersecurity testing and security operations Must hold advance...

I need all 50 selected PortSwigger Web Security Academy labs solved end-to-end, not just marked as completed. Each exploit must be reproduced with real traffic in Burp Suite (Community or Pro) and any other tooling you find useful; screenshots or evidence of the successful exploit have to be captured along the way. For every lab you solve, hand over a concise written report that follows the exact “Problem Statement → Solution → Results” structure. I only need a basic overview, so keep each section tight—no exhaustive step-by-step narrative, just the essential reasoning, key actions, and the final proof that the lab objective was met. Deliverables (one archive at the end): • A single document (PDF or DOCX) containing 50 mini-reports, each following the st...

I operate a live online betting platform and want a qualified ethical hacker to run a full-scale penetration test against the public-facing web application. The priority is website & application-level weaknesses, so I expect you to probe everything users can touch: signup, log-in, wallets, odds display, live bets, admin panels behind authentication—every feature that might be exploited. Please include the usual suspects—SQL injection, XSS, CSRF, IDOR, authentication bypass, file upload issues, business-logic flaws—essentially the OWASP Top 10 and anything else you uncover during your manual and automated reconnaissance. Black-box testing is preferred at first; if you later need limited credentials for deeper inspection we can arrange that. Deliverables I need: &bull...

Project Description: We are seeking a highly skilled and experienced cybersecurity professional to conduct a comprehensive Vulnerability Assessment and Penetration Test (VAPT) on our mobile application. The primary goal is to identify, assess, and report on security vulnerabilities within the mobile client and its associated backend APIs. The ideal candidate will have a proven track record in mobile security, follow industry-best practices (such as OWASP MASVS), and provide a detailed, actionable report. About the Application: Application Name: SecureApp Platform(s): iOS/Android Primary Function: An e-commerce platform for handmade goods Technology Stack (if known):React Native, Backend is Node.js Scope of Work: The VAPT should cover, but is not limited to, the following areas: 1. Mo...

I need an experienced security specialist to carry out a thorough review of our bank system’s defences, with the spotlight on the core database and the overall security architecture that surrounds it. This is not a simple camera-or-alarm health check; instead, I want the underlying structure, data flows, and access logic examined for weaknesses that could compromise customer information or interrupt critical services. Scope of work • Map the current database design, supporting servers, and connected services. • Perform vulnerability assessments and penetration tests against these elements, documenting every finding with clear evidence. • Evaluate encryption, key management, privileged-user policies, and change-management procedures to be sure they align with m...

We are a growing startup working on a highly private and confidential internal project. Due to the sensitive nature of this initiative, we require an experienced Cybersecurity Expert with strong background in advanced security operations, threat intelligence, and secure information handling Key Requirements: Proven expertise in cybersecurity, network security, and information protection Advanced skills in online research, deep investigation, and gathering intelligence from various web sources Experience with secure data collection, analysis, and management techniques Ability to work with complex security tools and environments while maintaining complete confidentiality Strong knowledge of anonymity practices, secure communication, and protective measures in challenging online scenarios...