Test di penetrazione Jobs

I run an EU-registered consultancy delivering cybersecurity services to mid-market and enterprise clients in France and broader Europe. I'm building a roster of cybersecurity engineers I can engage on a recurring basis as client missions come in — not a one-off project. What I'm looking for : A cybersecurity engineer (mid-level acceptable, 3+ years hands-on) able to deliver vulnerability assessments and penetration tests on: - Network infrastructure (internal/external) - Web applications (OWASP Top 10, API security) - Cloud environments (AWS, Azure, or GCP — at least one) Required : - At least one recognized certification: OSCP, CEH, CompTIA PenTest+, or equivalent (please state which in your bid) - Hands-on experience with Nmap, Burp Suite, Metasploit, OWASP ZAP, a...

I need a thorough security audit that examines our network perimeter, our internally-developed web and mobile applications, and the policies we rely on to stay aligned with compliance and governance standards. The goal is to obtain a clear, evidence-based view of where our current controls succeed, where they fail, and which vulnerabilities demand immediate remediation. Here is what the engagement should cover: • Network security – vulnerability assessment, configuration review, segmentation and firewall rule analysis • Application security – code-level and runtime testing aligned with OWASP, including authentication, data handling and session management checks • Compliance and governance – gap analysis against the relevant framework (ISO 27001, NIST ...

I need an experienced ethical hacker to dive deep into my web application and pinpoint any security weaknesses before they can be exploited in the wild. The sole objective is to identify vulnerabilities, not to gain or provide unauthorized access for malicious purposes. You’ll have full permission to run a comprehensive penetration test against the live site (or a staging clone, if you prefer). Feel free to use the tools you trust most—Burp Suite, OWASP ZAP, Metasploit, custom scripts—so long as the process is legally compliant and doesn’t disrupt service for genuine users. At the end of the engagement I expect: • A clear, well-structured report detailing every vulnerability you uncover, proof-of-concept evidence, risk ratings, and practical remediation advic...

I want a seasoned security professional to probe my site from every angle and show me—plainly—where a hacker would slip in. My main worry is outright breaches, not just compliance check-boxes, and at the moment I only have the usual basic plugins and a standard SSL certificate in place. You’ll need to run a full vulnerability assessment and light penetration test, review server and application configurations, and evaluate any code that touches the public web. Feel free to bring out Burp Suite, OWASP ZAP, Nikto, or whatever toolset you trust; I’m interested in real-world exploitability, not generic scanner output. Please deliver: • A concise report detailing each weakness, its risk level, and clear remediation steps • A prioritised action plan I c...

I need an experienced ethical hacker to dive deep into my web application and pinpoint any security weaknesses before they can be exploited in the wild. The sole objective is to identify vulnerabilities, not to gain or provide unauthorized access for malicious purposes. You’ll have full permission to run a comprehensive penetration test against the live site (or a staging clone, if you prefer). Feel free to use the tools you trust most—Burp Suite, OWASP ZAP, Metasploit, custom scripts—so long as the process is legally compliant and doesn’t disrupt service for genuine users. At the end of the engagement I expect: • A clear, well-structured report detailing every vulnerability you uncover, proof-of-concept evidence, risk ratings, and practical remediation advic...

Our organisation runs a geographically-distributed Wide Area Network and I want independent confirmation that the data moving across it cannot be intercepted, decoded, or manipulated. The engagement is limited to traffic analysis and sniffing on the live WAN links; firewall rule-sets and router configurations are out of scope unless you discover something during capture that clearly ties back to them. Scope • Perform lawful, ethical interception of packet flows on agreed WAN segments. • Analyse captured traffic for clear-text credentials, session fixation, protocol misconfiguration, or other weaknesses that could lead to privilege escalation or data leakage. • Attempt non-disruptive proof-of-concept exploits only where traffic analysis indicates a realistic attack pat...

I need a skilled security professional to perform grey box penetration testing on a mobile mini-app. The app is available on both iOS and Android platforms. Key Requirements: - Conduct vulnerability assessments and exploit potential security weaknesses. - Provide a detailed report of findings, including recommendations for remediation. - Ensure the app's security is tested without full knowledge of the internal workings. Ideal Skills and Experience: - Proven experience in grey box penetration testing. - Expertise in mobile application security, specifically on iOS and Android. - Strong knowledge of security tools and methodologies. - Ability to deliver comprehensive and clear security reports. Looking for freelancers with relevant certifications and a strong portfolio in mobile app...

I'm looking for an experienced application security expert to help secure our mobile application, which is built on both iOS and Android platforms. Key Requirements: - Assess and identify vulnerabilities in our mobile app - Implement robust security measures to protect against potential threats - Provide detailed security reports and recommendations - Collaborate with our development team to ensure secure coding practices Ideal Skills and Experience: - Proven track record in application security, specifically for mobile apps - In-depth knowledge of security protocols for both iOS and Android platforms - Strong understanding of secure coding practices - Experience with security assessment tools and methodologies - Ability to communicate effectively with non-technical team members I...

I have a newly built software platform running entirely on Firebase and, as part of my contract with the end-client, I must supply an independent penetration-testing report. The application itself is straightforward—no AI components or unusual integrations—so the engagement will be tightly focused on classic web and cloud-hosted attack surfaces. Key focus areas • Authentication issues: confirm sign-in, session handling and privilege escalation vectors are fully locked down. • Data leakage: verify that Firestore, Cloud Storage buckets and any API endpoints are not exposing sensitive information through misconfigurations or improper access rules. • Injection attacks: test for SQL-like or NoSQL injection, as well as any injection vectors in Cloud Functions or...

My Linux server was compromised and every file was renamed with the “Sorry-ID” extension. No usable backups exist, but I still have full root access through SSH and the hosting console. I need an experienced security-focused sysadmin (or incident-response specialist) who can: • Attempt decryption or data-recovery of the affected files (STOP/DJVU or any other relevant toolkit) Acceptance is straightforward: no active malicious processes remain, the decrypted or otherwise restored files are accessible in their original names and paths, and I receive the post-mortem report plus a brief checklist of security improvements applied. You will have full root credentials, console screenshots if needed, and immediate access to system logs. I’m ready to start as soon as yo...

Scope of Work * Perform security assessment of web application (Python/Django) and APIs * Test authentication, authorization (RBAC), and session management * Identify vulnerabilities (e.g., SQLi, XSS, command injection, API abuse) * Assess Linux and Windows endpoint agents for: * Privilege escalation risks * Service configuration and permissions * Secure communication (TLS) * Evaluate on-prem server security: * Open ports/services * OS hardening * User access and permissions * Conduct network security testing: * Data in transit (encryption) * Internal communication paths * Review installation and deployment process: * RPM/package security * Configurations and secrets handling ⸻ Deliverables * Detailed security report with severity ratings * Proof ...

My site was taken offline by my UK host after it started broadcasting attacks. I need the infection completely removed and the core CMS, plugins, themes and server-side code cleaned so the host will re-enable the account. Once the immediate threat is gone, I also want regular security updates and monitoring so I am not caught out again. If you can set up automated scans, timely patching and a simple monthly report, that would be ideal. I do not yet have any formal compliance obligations, but please build the solution so it can be tightened later should specific requirements arise. Key outcomes I expect: • All malware, backdoors and suspicious files eradicated • Clear documentation of what was found and fixed • Hardening of WordPress, server configs and user credenti...

Context: I’m taking an ethical hacking course on Windows XP (32bit, x86) and trying to perform a classic buffer overflow using 32bit FTP version 25.10.31 as the target client, a fake FTP server written in Python 2 to send the payload, and Immunity Debugger to capture the crash. What is working: • The Python server starts normally on port 21 • 32bit FTP successfully connects to the Python server • The payload of x41 is sent in the 220, 331 and 230 response fields • At some point the FTP seems to crash (screen goes grey) • Immunity Debugger is configured as JIT debugger • DEP is configured as “essential programs only” • Memory access violation is configured to NOT be ignored in Immunity The problem: Immunity Debugger is not capturi...

Context: I’m taking an ethical hacking course on Windows XP (32bit, x86) and trying to perform a classic buffer overflow using 32bit FTP version 25.10.31 as the target client, a fake FTP server written in Python 2 to send the payload, and Immunity Debugger to capture the crash. What is working: • The Python server starts normally on port 21 • 32bit FTP successfully connects to the Python server • The payload of x41 is sent in the 220, 331 and 230 response fields • At some point the FTP seems to crash (screen goes grey) • Immunity Debugger is configured as JIT debugger • DEP is configured as “essential programs only” • Memory access violation is configured to NOT be ignored in Immunity The problem: Immunity Debugger is not capturi...

My Magento store on cyberpanel has been hacked and is now completely down. I need someone who can jump in immediately, bring the site back online, and make sure this doesn’t happen again. Here’s what I expect: • Run a full security scan to pinpoint every infection or vulnerability. • Perform thorough malware removal so the storefront is 100 % clean. • Carry out a code audit to find and patch any backdoors or weak spots. • Harden the installation for future attacks—updates, patches, and any other preventative measures you recommend. Please document the steps you take, supply a summary report of issues found and fixed, and confirm the site is loading normally before hand-off. Experience with Magento on cyberpanel, SSH access, and common security ...