Security Audit & Penetration Test for Chrome Extension and Node.js Backend
Worldwide
Project Overview I am the founder of BridgeOpsOne, an operational communications platform designed for NOC, data center, and incident management teams. The platform currently consists of: A Chrome Extension A Node.js/Express backend API OpenAI API integration User authentication and account management Operational communication workflows (incident updates, executive summaries, customer communications, timelines, etc.) I recently migrated from a direct browser-to-OpenAI architecture to a backend-server architecture and would like a professional security assessment before expanding the user base. What I'm Looking For I am looking for an experienced Application Security Professional or Penetration Tester to perform a security assessment of my platform and identify any vulnerabilities, misconfigurations, or security weaknesses. I would also strongly prefer someone who can assist with remediation (fixing vulnerabilities) after the assessment is complete. Scope of Assessment Please evaluate the following areas: Chrome Extension Security Extension permissions review Secure storage practices Content script security Message passing security Sensitive data exposure Browser-based attack vectors Backend/API Security Authentication and authorization testing Broken access controls API endpoint security Input validation Rate limiting Session management Error handling Secret management Environment variable exposure Application Security OWASP Top 10 testing Injection vulnerabilities Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Server-Side Request Forgery (SSRF) Business logic flaws User privilege escalation Data exposure risks AI & OpenAI Integration Security Prompt injection testing Abuse scenarios Cost-exhaustion attacks API misuse opportunities Input/output security concerns General Security Review Secure coding practices Security headers Logging practices Overall architecture recommendations Deliverables I would like: A detailed security report Vulnerability severity ratings (Critical, High, Medium, Low) Reproduction steps for findings Screenshots or proof of concept where applicable Clear remediation recommendations A final summary of overall security posture Remediation Support (Preferred) Please indicate whether you can also assist with: Fixing identified vulnerabilities Updating code where necessary Re-testing after remediation Providing a final validation report If remediation support is available, please include your hourly rate or estimated cost for remediation work. Ideal Candidate Experience testing SaaS applications Experience securing Node.js/Express applications Experience testing Chrome Extensions Familiarity with OpenAI or AI-powered applications Strong understanding of OWASP Top 10 Ability to explain findings in a way that a solo founder/developer can understand and implement To Apply Please include: Relevant certifications (OSCP, PNPT, CEH, Security+, etc.) Example security reports (sanitized if necessary) Brief description of similar projects completed Whether you provide remediation support after testing Budget: Open to fixed-price or hourly proposals depending on experience and scope.
$1,000.00
Fixed-price- IntermediateExperience Level
- Remote Job
- Ongoing projectProject Type
Skills and Expertise
Activity on this job
- Proposals:20 to 50
- Last viewed by client:3 weeks ago
- Hires:1
- Interviewing:1
- Invites sent:0
- Unanswered invites:0
About the client
- United StatesSan Antonio8:28 AM
- $7.7K total spent6 hires, 6 active
Explore similar jobs on Upwork
How it works
Create your free profileHighlight your skills and experience, show your portfolio, and set your ideal pay rate.
Work the way you wantApply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
Get paid securelyFrom contract to payment, we help you work safely and get paid securely.
About Upwork
- 4.9/5(Average rating of clients by professionals)
- G2 2021#1 freelance platform
- 49,000+Signed contract every week
- $2.3BFreelancers earned on Upwork in 2020
Find the best freelance jobs
Growing your career is as easy as creating a free profile and finding work like this that fits your skills.
Trusted by