Penetration Testing (Network + Web Application) for Amazon SP-API Compliance — Azure

Posted 2 weeks ago

Worldwide

Summary

Overview

We're a software provider integrating with Amazon's Selling Partner API (SP-API) and are completing Amazon's Data Protection Policy security audit. We need two penetration tests performed by a qualified, independent tester, with reports that will be submitted to Amazon's reviewers. Automated scan output alone (e.g., ZAP, Nessus) will not satisfy this requirement — manual testing by a credentialed professional is required.

Engagement 1 — Cloud / Network Penetration Test

Scope:
  • Azure VNET and private subnet configuration review
  • Network segmentation validation
  • External perimeter testing of internet-facing assets

Report must contain: tested assets, test dates, methodology, findings with severity ratings, remediation recommendations, and retest status.

Engagement 2 — Web Application Penetration Test (https://app.urbanseller.net)

Scope:
  • Front-end application
  • Back-end API (REST / GraphQL)
  • Authentication & authorization mechanisms, including OAuth 2.0 / Login with Amazon token issuance, refresh, storage, and rotation
  • Business logic testing

Methodology: OWASP (WSTG / Top 10)

Report must contain: client name, tested URLs/endpoints, test dates, methodology, findings with severity ratings, remediation recommendations, and retest confirmation.

Environment

Small Azure footprint — web/UI front end, REST API back end, one SQL database, one storage account. Full technical details and scoped access provided to the selected tester under NDA.

Required qualifications
  • Recognized certification: OSCP, CREST, and/or GPEN
  • Independent third party (no affiliation with our organization)
  • Demonstrated manual penetration testing experience (not automated-scan-only)
  • Strongly preferred: prior experience producing pen test reports accepted in Amazon SP-API / Data Protection Policy audits

Deliverables
  • Two formal reports (network + application) meeting the content requirements above, each with an executive summary
  • A remediation retest and updated/confirmed report after we address any findings

  • Less than 30 hrs/week
    Hourly
  • < 1 month
    Duration
  • Entry level
    Experience Level
  • $15.00 - $45.00
    Hourly
  • Remote Job
  • One-time project
    Project Type
Skills and Expertise
Mandatory skills
Penetration Testing
Network Security
Activity on this job
  • Proposals: 20 to 50
  • Last viewed by client: 2 weeks ago
  • Hires: 1
  • Interviewing: 0
  • Invites sent: 0
  • Unanswered invites: 0
About the client
Member since Aug 8, 2017
  • Switzerland
    Collongebellerive 3:14 PM
  • $820 total spent
    6 hires, 1 active
  • 1 hour
