OWASP Webmail Security Assessment Expert | cPanel / Roundcube | Email Security Penetration Testing

Posted last week

Worldwide

Summary

Looking for an experienced OWASP Web Application Security Expert / Email Security Consultant / Penetration Tester to perform a comprehensive security assessment of our cPanel/Roundcube Webmail environment.

Our users access their corporate email accounts through cPanel Webmail (Roundcube), and the objective of this engagement is to identify security weaknesses, validate existing controls, and provide a professional Vulnerability Assessment Report with prioritized remediation recommendations.

This is a security assessment and reporting engagement only. No remediation or exploitation beyond agreed testing scope is required.

Scope of Work

The selected consultant will perform an end-to-end security assessment covering:

Authentication & Access Control

  • Login page security assessment
  • User enumeration testing
  • Password policy review
  • Account lockout validation
  • Brute force protection assessment
  • Session fixation testing
  • Session timeout validation
  • Cookie security review
  • Authentication flow analysis

OWASP Web Application Testing

Perform testing based on the OWASP Web Security Testing Guide (WSTG), including but not limited to:

  • Information Gathering
  • Authentication Testing
  • Authorization Testing
  • Session Management Testing
  • Input Validation Testing
  • Security Misconfiguration Review
  • Cryptographic Controls Review
  • Client-Side Security Review

Webmail Security Testing

Review and assess:

  • Roundcube Webmail security configuration
  • Login workflow
  • Password reset functionality
  • Mailbox access controls
  • Contact management security
  • Search functionality
  • File attachment handling
  • HTML email rendering
  • Dangerous attachment validation

Session & Cookie Security

Validate:

  • Secure Cookies
  • HttpOnly
  • SameSite
  • Session regeneration
  • Logout behavior
  • Concurrent session handling
  • Session expiration

Infrastructure & Email Security Review

Assess:

  • TLS/SSL configuration
  • HTTP security headers
  • SMTP/IMAP/POP3 exposure
  • SPF, DKIM & DMARC configuration
  • Security response headers
  • Web server configuration
  • Information disclosure

Deliverables

The consultant will provide:

1. Executive Summary

  • Overall security posture
  • High-level findings
  • Business impact
  • Risk summary

2. Technical Vulnerability Assessment Report

For every finding include:

  • Vulnerability Description
  • Risk Rating (Critical / High / Medium / Low)
  • CVSS Score
  • Technical Details
  • Evidence/Screenshots
  • Business Impact
  • Remediation Recommendation

3. OWASP Mapping

Map findings against:

  • OWASP Top 10
  • OWASP WSTG
  • CWE references (where applicable)

4. Prioritized Remediation Roadmap

Categorize recommendations into:

  • Immediate Actions
  • Short-Term Improvements
  • Long-Term Security Enhancements

Required Skills

We are looking for professionals with proven experience in:

  • OWASP Web Application Security Testing
  • Roundcube Webmail Security
  • cPanel/WHM Administration
  • Email Security Assessments
  • Authentication & Session Security
  • Web Application Penetration Testing
  • Burp Suite Professional
  • OWASP ZAP
  • Nmap
  • Nikto
  • TLS/SSL Security Review

Relevant certifications are highly preferred:

  • OSCP
  • OSWE
  • CEH
  • eWPT
  • GWAPT
  • CISSP
  • GIAC
  • CREST

Important Notes

  • This engagement is for our own infrastructure, and the selected consultant will be authorized to perform testing.
  • Testing must follow responsible and ethical penetration testing practices.
  • No denial-of-service activities or destructive testing are permitted.
  • Any high-risk testing must be discussed and approved before execution.
  • All findings and information must remain strictly confidential.

  • Less than 30 hrs/week
    Hourly
  • < 1 month
    Duration
  • Expert
    Experience Level
  • $8.00 - $30.00
    Hourly
  • Remote Job
  • One-time project
    Project Type
Skills and Expertise
Mandatory skills
Penetration Testing
Vulnerability Assessment
Activity on this job
  • Proposals: 15 to 20
  • Last viewed by client: last week
  • Interviewing: 4
  • Invites sent: 6
  • Unanswered invites: 2
About the client
Member since Feb 3, 2022
  • United Arab Emirates
    Abu Dhabi 12:10 AM
  • $570 total spent
    11 hires, 4 active
  • 8 hours
