Penetration Testing (Network + Web Application) for Amazon SP-API Compliance — Azure
Worldwide
Overview

We're a software provider integrating with Amazon's Selling Partner API (SP-API) and are completing Amazon's Data Protection Policy security audit. We need two penetration tests performed by a qualified, independent tester, with reports that will be submitted to Amazon's reviewers. Automated scan output alone (e.g., ZAP, Nessus) will not satisfy this requirement — manual testing by a credentialed professional is required.

Engagement 1 — Cloud / Network Penetration Test

Scope:
- Azure VNET and private subnet configuration review
- Network segmentation validation
- External perimeter testing of internet-facing assets

Report must contain: tested assets, test dates, methodology, findings with severity ratings, remediation recommendations, and retest status.

Engagement 2 — Web Application Penetration Test (https://app.urbanseller.net)

Scope:
- Front-end application
- Back-end API (REST / GraphQL)
- Authentication & authorization mechanisms, including OAuth 2.0 / Login with Amazon token issuance, refresh, storage, and rotation
- Business logic testing

Methodology: OWASP (WSTG / Top 10)

Report must contain: client name, tested URLs/endpoints, test dates, methodology, findings with severity ratings, remediation recommendations, and retest confirmation.

Environment

Small Azure footprint — web/UI front end, REST API back end, one SQL database, one storage account. Full technical details and scoped access provided to the selected tester under NDA.

Required qualifications
- Recognized certification: OSCP, CREST, and/or GPEN
- Independent third party (no affiliation with our organization)
- Demonstrated manual penetration testing experience (not automated-scan-only)
- Strongly preferred: prior experience producing pen test reports accepted in Amazon SP-API / Data Protection Policy audits

Deliverables
- Two formal reports (network + application) meeting the content requirements above, each with an executive summary
- A remediation retest and updated/confirmed report after we address any findings
- Hourly: Less than 30 hrs/week
- Duration: < 1 month
- Experience Level: Entry level
- Hourly rate: $15.00 - $45.00
- Remote Job
- Project Type: One-time project
Activity on this job
- Proposals: 20 to 50
- Last viewed by client: 2 weeks ago
- Hires: 1
- Interviewing: 0
- Invites sent: 0
- Unanswered invites: 0
About the client
- Switzerland, Collongebellerive, 3:14 PM
- $820 total spent; 6 hires, 1 active
- 1 hour