Security Review / Penetration Test — E-Signature Signing Workflow (Web App)

Posted 3 days ago

Worldwide

Summary

We're looking for an experienced security professional to conduct a scoped penetration test of the signing workflow within our e-signature SaaS platform (Asignu, built with a web app + API backend). Scope: please read carefully, this is intentionally narrow: We are NOT asking for a full application pentest. The scope is limited to the electronic signature signing process, specifically: - Document integrity verification (SHA-256 file hashing — before/after signing) - Authentication methods used during signing (email OTP, SMS OTP, 2FA) — can these be bypassed or spoofed? - Sole-control mechanisms — can someone sign on behalf of another user without their credentials? - Tamper-detection — can a signed document be modified post-signature without detection? - PAdES digital signature / timestamp validation — is this implementation sound against tampering or replay attacks? - API endpoints directly involved in the signing flow (not the full API surface) Deliverable: A written report (PDF or Word) covering: - Methodology used - Findings, categorized by severity (critical/high/medium/low) - Specific recommendations for remediation - A summary statement on whether the signing workflow's integrity/authentication mechanisms hold up under testing Requirements: - Proven experience with web application and API penetration testing - OSCP, OSWE, or CEH certification (please include in your proposal) - Portfolio of prior pentest reports (anonymized/redacted is fine) please share an example - Comfortable working with cryptographic hashing and digital signature validation (PAdES/PKI a plus) - Fluent English for the written report Timeline: 1–2 weeks from kickoff to final report To apply, please include: - Relevant certifications - A redacted example of a past pentest report - Your proposed timeline and fixed price for this scope Testing will be conducted against a staging environment with synthetic test data — not live production data.

  • Less than 30 hrs/week
    Hourly
  • < 1 month
    Duration
  • Expert
    Experience Level
  • Remote Job
  • One-time project
    Project Type
Skills and Expertise
Mandatory skills
Penetration Testing
Vulnerability Assessment
Activity on this job
  • Proposals:20 to 50
  • Last viewed by client:3 days ago
  • Interviewing:
    9
  • Invites sent:
    10
  • Unanswered invites:
    0
About the client
Member since Feb 22, 2020
  • Netherlands
    Leerdam8:09 AM
  • $16K total spent
    20 hires, 2 active
  • 595 hours

Explore similar jobs on Upwork

Security and Compliance SpecialistFixed-price‐ Posted 3 weeks ago
Network Security
Information Security
Penetration Testing
Security Analysis
B2B Sales Partner for CybersecurityHourly‐ Posted 2 weeks ago
B2B Marketing
Sales
Outbound Sales
Telemarketing

How it works

  • Post a job icon
    Create your free profile
    Highlight your skills and experience, show your portfolio, and set your ideal pay rate.
  • Talent comes to you icon
    Work the way you want
    Apply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
  • Payment simplified icon
    Get paid securely
    From contract to payment, we help you work safely and get paid securely.
Want to get started? Create a profile

About Upwork

  • Rating is 4.9 out of 5.
    4.9/5
    (Average rating of clients by professionals)
  • G2 2021
    #1 freelance platform
  • 49,000+
    Signed contract every week
  • $2.3B
    Freelancers earned on Upwork in 2020

Find the best freelance jobs

Growing your career is as easy as creating a free profile and finding work like this that fits your skills.

Trusted by

  • Microsoft Logo
  • Airbnb Logo
  • Bissell Logo
  • GoDaddy Logo