With over 5 years of experience in penetration testing, earning the Certified Ethical Hacker, the SANS Certified Penetration Tester(GPEN) and the SANS Certified Web Application Penetration Tester(GWAPT) certification, I feel I would be an excellent choice for this project. I have done Pen Testing engagements for financial institutions, airlines, government and defence organisations. I am knowledgeable in the OWASP Top Ten and other web vulnerabilities and I am adept at using web application attack frameworks such as BurpSuite Pro, Z Attack Proxy and w3af as well as others. I have also written some of my own tools in the areas of enumeration and fuzzing to assist with Web Application assessments.
I propose a 5 day engagement. This engagement will be split up into 3 segments of 2, 2 and 1. The first 2 days will be initial spidering of the application and familiarising myself with how the application does what it does. At the end of the first 2 days any initial findings will be reported to the client with recommendations for fixing the issues, if any, found. The second segment of the engagement will involve more advanced testing of the application, including fuzzing. The third segment of the engagement will be a single day spent on creating the report as well as any retesting that may be required.
If you have any questions or concerns, please do not hesitate to call me on +353 87 604 4562,
Yours Sincerely,
Andrew Court