Security Audit + Pen Test of AI-Built Supabase/React Portal

Posted 2 days ago

Only freelancers located in the U.S. may apply.U.S. located freelancers only

Summary

I have a private affiliate portal (admin + affiliate logins) that tracks clicks, conversions, and commissions. The whole thing was built with AI (Claude Code). It works, but we already found several real security breaches ourselves wrong people able to see data they shouldn't. I need a real expert to go through the entire app, hack it like an attacker would, fix what's found, and prove it's secure. What it's built with: The website: React with TypeScript (the affiliate/admin dashboard pages) The database and backend: Supabase — that's a Postgres database where the security rules (Row-Level Security) decide who can see what, plus server functions written in TypeScript, and login/auth all handled by Supabase Connections: it pulls conversion data from an affiliate network API. If you don't have real, hands-on Supabase security experience (RLS policies, grants, views, edge functions), this job is not for you. What you'll do: Audit the entire app — every database rule, every server function, every screen — for data leaks and broken access control. #1 concern: affiliates must never be able to see the network revenue numbers, through any screen, export, API call, or dev-tools trick. Pen test it as a logged-out visitor and as a logged-in affiliate trying to see other people's data or become admin. Test the API directly, not just the UI. Fix everything properly real fixes at the database/server level, not patches. All changes as reviewable migrations and commits. Nothing deploys without my approval. Give me a short written report: each issue, how you proved it, how you fixed it, and a re-test showing it's closed. In your own words, tell me: One specific Supabase/RLS data-leak you personally found and fixed (2–3 sentences) How you'd test whether an affiliate can see admin-only data

  • Less than 30 hrs/week
    Hourly
  • 1-3 months
    Duration
  • Intermediate
    Experience Level
  • Remote Job
  • Ongoing project
    Project Type

Contract-to-hire opportunity

This lets talent know that this job could become full time.
Learn more
Skills and Expertise
Mandatory skills
AI Security
Application Security
Activity on this job
  • Proposals:10 to 15
  • Last viewed by client:yesterday
  • Hires:
    1
  • Interviewing:
    3
  • Invites sent:
    0
  • Unanswered invites:
    0
About the client
Member since Jun 5, 2025
  • USA
    Lakewood 8:25 PM
  • $3.9K total spent
    8 hires, 5 active

Explore similar jobs on Upwork

Security and Compliance SpecialistFixed-price‐ Posted 2 weeks ago
Network Security
Information Security
Penetration Testing
Security Analysis
B2B Sales Partner for CybersecurityHourly‐ Posted 2 weeks ago
B2B Marketing
Sales
Outbound Sales
Telemarketing

How it works

  • Post a job icon
    Create your free profile
    Highlight your skills and experience, show your portfolio, and set your ideal pay rate.
  • Talent comes to you icon
    Work the way you want
    Apply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
  • Payment simplified icon
    Get paid securely
    From contract to payment, we help you work safely and get paid securely.
Want to get started? Create a profile

About Upwork

  • Rating is 4.9 out of 5.
    4.9/5
    (Average rating of clients by professionals)
  • G2 2021
    #1 freelance platform
  • 49,000+
    Signed contract every week
  • $2.3B
    Freelancers earned on Upwork in 2020

Find the best freelance jobs

Growing your career is as easy as creating a free profile and finding work like this that fits your skills.

Trusted by

  • Microsoft Logo
  • Airbnb Logo
  • Bissell Logo
  • GoDaddy Logo