Project Description
Scope of Work
* Perform a security assessment of the web application (Python/Django) and its APIs
* Test authentication, authorization (RBAC), and session management
* Identify vulnerabilities (e.g., SQLi, XSS, command injection, API abuse)
* Assess Linux and Windows endpoint agents for:
  * Privilege escalation risks
  * Service configuration and permissions
  * Secure communication (TLS)
* Evaluate on-prem server security:
  * Open ports/services
  * OS hardening
  * User access and permissions
* Conduct network security testing:
  * Data in transit (encryption)
  * Internal communication paths
* Review the installation and deployment process:
  * RPM/package security
  * Configuration and secrets handling
⸻
Deliverables
* Detailed security report with severity ratings
* Proof of concept (PoC) for findings
* Remediation recommendations
* Optional retest after fixes
⸻
Required Experience
* Web application & API penetration testing
* Linux and Windows system security
* Endpoint/agent security (preferred)
* Experience with on-prem environments
⸻
Nice to Have
* Experience with OT/SCADA environments
* Familiarity with NERC CIP or compliance frameworks