External · Freelancer · Remote · $12500–$37500 USD

Comprehensive Web App Security Audit

Summary

Freelancer Client is hiring: Comprehensive Web App Security Audit.

Location: Remote

Skills: Penetration Testing, Network Security, Data Protection

Budget: $12500–$37500 USD


Source: Freelancer Client via Remote / Online. Apply on the source website.

Original

I need a seasoned security professional to perform an end-to-end audit of our custom web application and the public-facing site that supports it. The focus is firmly on discovering and documenting application-level vulnerabilities—SQL injection, XSS, authentication flaws, insecure APIs, misconfigured headers, anything that could slip past regular QA.

Scope
• Black-box and white-box testing of every user flow, admin panel, and API endpoint
• Automated scanning with tools such as Burp Suite, OWASP ZAP, Nessus or equivalents, followed by manual verification
• Review of server configuration files, access controls, and session management logic
• Threat modelling to highlight realistic attack paths and business impact

Deliverables
1. Full log set from all automated and manual tests (raw and parsed)
2. A structured vulnerability report: severity rating, PoC steps, affected components, and clear remediation guidance
3. Executive summary for non-technical stakeholders
4. Road-mapped upgrade and hardening recommendations that fit our current tech stack and roadmap

Acceptance Criteria
• No high- or critical-severity issue may be left without a reproducible PoC and fix suggestion
• Reports must be reproducible on our staging environment
• All findings mapped against OWASP Top 10 or relevant CVE references

Please share concise evidence of your previous security audit experience—case studies, sample redacted reports, or relevant certifications (OSCP, CEH, GWAPT). A short availability outline and estimated timeline will help me slot the engagement into our sprint schedule.

Location & Details

Source: Freelancer
Budget: $12500–$37500 USD
Location: Remote
Posted: 2026-05-17 14:59:58
Skills: Penetration Testing, Network Security, Data Protection

About this listing

This remote opportunity was imported from Freelancer and is shown here for discovery. To apply, follow the link to the original posting.
