Security assessment & penetration test — fintech web app (3 portals)

Posted 3 weeks ago

Worldwide

Summary

Remote · Fixed price: $150 USD · 1 week · NDA required About the project:- We're building Estra Finance — an AI-enabled mortgage brokerage platform in the Philippines. The platform connects real estate developers, borrowers, and lender banks across three portals: a Borrower Portal, a Developer Partner Portal, and an Admin Portal. We're approaching a wider launch and need a thorough security assessment before going live. The platform handles sensitive KYC documents, financial records, and loan applications — security is a top priority. Scope of work :- Testing is against a designated staging environment only. No destructive testing without written approval. 1, Web application testing (OWASP Top 10) Auth & session management, privilege escalation, injection, XSS/CSRF, IDOR, business logic flaws 2, API security testing Full REST endpoint enumeration, JWT manipulation, RBAC enforcement, rate limiting, mass assignment 3, File upload & storage security KYC upload validation, Supabase Storage bucket access controls, path traversal 4, Infrastructure & configuration review Fly.io deployment, SSL/TLS, HTTP security headers, Supabase RLS policies, secrets exposure 5, AI & integration attack surfaces OpenAI key exposure, prompt injection, Bull/Redis queue security, OAuth callback security Skills required Penetration Testing - OWASP Top 10 - Web App Security - API Security - XSS / CSRF - SQL Injection - Privilege Escalation - JWT Security - RBAC Testing Who we're looking for :- Expert-level pentester with proven experience testing fintech or data-sensitive web applications. Must have hands-on knowledge of Supabase RLS, JWT-based auth, and NestJS APIs — and deliver clean, professional reports with CVSS scores and actionable fixes. Certifications (OSCP, eWPT, CEH) preferred but strong work samples carry more weight.

  • $150.00

    Fixed-price
  • Expert
    Experience Level
  • Remote Job
  • One-time project
    Project Type
Skills and Expertise
Mandatory skills
Penetration Testing
Vulnerability Assessment
Activity on this job
  • Proposals:20 to 50
  • Last viewed by client:3 weeks ago
  • Hires:
    1
  • Interviewing:
    13
  • Invites sent:
    30
  • Unanswered invites:
    12
About the client
Member since Dec 22, 2022
  • Australia
    Hobart1:25 AM
  • $2.6K total spent
    19 hires, 2 active

Explore similar jobs on Upwork

1099 Independent ContractorHourly‐ Posted 2 weeks ago
CompTIA
AWS Security RemediationFixed-price‐ Posted 4 weeks ago
Network Security
Amazon Web Services
Information Security
SOC 2
NIST SP 800-53

How it works

  • Post a job icon
    Create your free profile
    Highlight your skills and experience, show your portfolio, and set your ideal pay rate.
  • Talent comes to you icon
    Work the way you want
    Apply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
  • Payment simplified icon
    Get paid securely
    From contract to payment, we help you work safely and get paid securely.
Want to get started? Create a profile

About Upwork

  • Rating is 4.9 out of 5.
    4.9/5
    (Average rating of clients by professionals)
  • G2 2021
    #1 freelance platform
  • 49,000+
    Signed contract every week
  • $2.3B
    Freelancers earned on Upwork in 2020

Find the best freelance jobs

Growing your career is as easy as creating a free profile and finding work like this that fits your skills.

Trusted by

  • Microsoft Logo
  • Airbnb Logo
  • Bissell Logo
  • GoDaddy Logo