Security Audit & Penetration Test for Chrome Extension and Node.js Backend

Posted last month

Worldwide

Summary

Project Overview I am the founder of BridgeOpsOne, an operational communications platform designed for NOC, data center, and incident management teams. The platform currently consists of: A Chrome Extension A Node.js/Express backend API OpenAI API integration User authentication and account management Operational communication workflows (incident updates, executive summaries, customer communications, timelines, etc.) I recently migrated from a direct browser-to-OpenAI architecture to a backend-server architecture and would like a professional security assessment before expanding the user base. What I'm Looking For I am looking for an experienced Application Security Professional or Penetration Tester to perform a security assessment of my platform and identify any vulnerabilities, misconfigurations, or security weaknesses. I would also strongly prefer someone who can assist with remediation (fixing vulnerabilities) after the assessment is complete. Scope of Assessment Please evaluate the following areas: Chrome Extension Security Extension permissions review Secure storage practices Content script security Message passing security Sensitive data exposure Browser-based attack vectors Backend/API Security Authentication and authorization testing Broken access controls API endpoint security Input validation Rate limiting Session management Error handling Secret management Environment variable exposure Application Security OWASP Top 10 testing Injection vulnerabilities Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Server-Side Request Forgery (SSRF) Business logic flaws User privilege escalation Data exposure risks AI & OpenAI Integration Security Prompt injection testing Abuse scenarios Cost-exhaustion attacks API misuse opportunities Input/output security concerns General Security Review Secure coding practices Security headers Logging practices Overall architecture recommendations Deliverables I would like: A detailed security report Vulnerability severity ratings (Critical, High, Medium, Low) Reproduction steps for findings Screenshots or proof of concept where applicable Clear remediation recommendations A final summary of overall security posture Remediation Support (Preferred) Please indicate whether you can also assist with: Fixing identified vulnerabilities Updating code where necessary Re-testing after remediation Providing a final validation report If remediation support is available, please include your hourly rate or estimated cost for remediation work. Ideal Candidate Experience testing SaaS applications Experience securing Node.js/Express applications Experience testing Chrome Extensions Familiarity with OpenAI or AI-powered applications Strong understanding of OWASP Top 10 Ability to explain findings in a way that a solo founder/developer can understand and implement To Apply Please include: Relevant certifications (OSCP, PNPT, CEH, Security+, etc.) Example security reports (sanitized if necessary) Brief description of similar projects completed Whether you provide remediation support after testing Budget: Open to fixed-price or hourly proposals depending on experience and scope.

  • $1,000.00

    Fixed-price
  • Intermediate
    Experience Level
  • Remote Job
  • Ongoing project
    Project Type
Skills and Expertise
Mandatory skills
Penetration Testing
Website Security
Activity on this job
  • Proposals:20 to 50
  • Last viewed by client:3 weeks ago
  • Hires:
    1
  • Interviewing:
    1
  • Invites sent:
    0
  • Unanswered invites:
    0
About the client
Member since May 24, 2026
  • United States
    San Antonio8:28 AM
  • $7.7K total spent
    6 hires, 6 active

Explore similar jobs on Upwork

1099 Independent ContractorHourly‐ Posted 2 weeks ago
CompTIA
Network and Cloud EngineerHourly‐ Posted 2 weeks ago
Network Security
Virtual LAN
Firewall

How it works

  • Post a job icon
    Create your free profile
    Highlight your skills and experience, show your portfolio, and set your ideal pay rate.
  • Talent comes to you icon
    Work the way you want
    Apply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
  • Payment simplified icon
    Get paid securely
    From contract to payment, we help you work safely and get paid securely.
Want to get started? Create a profile

About Upwork

  • Rating is 4.9 out of 5.
    4.9/5
    (Average rating of clients by professionals)
  • G2 2021
    #1 freelance platform
  • 49,000+
    Signed contract every week
  • $2.3B
    Freelancers earned on Upwork in 2020

Find the best freelance jobs

Growing your career is as easy as creating a free profile and finding work like this that fits your skills.

Trusted by

  • Microsoft Logo
  • Airbnb Logo
  • Bissell Logo
  • GoDaddy Logo