Project Description
I need an experienced tester to run a concise Web Application Penetration Testing exercise against one production site (URL shared after NDA). The single goal is to identify vulnerabilities, not to perform a full red-team or infrastructure assessment.
Scope
• The entire web application, both authenticated and public areas, is in scope.
• No separate network or mobile testing is required.
Timeframe
I’m ready to move immediately and would like the initial findings within a few days, with the final report no later than one week after kick-off.
Deliverables
• PDF report containing an executive summary, detailed technical findings, proof-of-concept evidence, and clear remediation guidance ranked by severity.
• Brief follow-up call to clarify results and recommended fixes.
Please confirm you can start ASAP, outline the tools/methodology you’ll use (e.g., OWASP Top 10, Burp Suite, OWASP ZAP), and share a sample report or two if possible.