Talent badge filter
Skills filter
Select talent location
Select talent time zones
$30/hr
100%
Job Success
$10K+ earned
Available now
Offers consultations
Start of list.
End of list.
🚨 If your application, SaaS platform, or cloud environment has never undergone a professional security assessment, you may have unknown vulnerabilities that attackers can exploit.
I’m a Certified Penetration Tester and Ethical Hacker providing Vulnerability Assessment and Penetration testing (VAPT) services for web applications, APIs, cloud infrastructure, mobile apps, SaaS platforms, and network environments. My goal is not just to find vulnerabilities — but to help you understand real security risks and fix them effectively.
I perform manual penetration testing supported by professional security tools to identify exploitable weaknesses such as authentication flaws, privilege escalation paths, injection vulnerabilities, and business logic issues.
You will receive a clear and actionable security report that helps developers resolve issues and allows management to understand the real business impact.
🎯 My Services
- Vulnerability Assessment & Penetration Testing (VAPT)
- Web Application Penetration Testing (OWASP Top 10)
- API Penetration Testing (REST, GraphQL, authentication flaws, IDOR, injection)
- Cloud Infrastructure Security (AWS, Azure — misconfigurations, IAM, exposed services)
- Network Penetration Testing (internal & external)
- Mobile Application Security (Android & iOS)
- SaaS Platform Security & Penetration Testing (multi-tenant logic, RBAC, privilege escalation)
- CMS Security (WordPress, Laravel, custom apps)
- Retesting after remediation
📋 What You Will Receive
A clear, structured security report designed for both technical teams and business stakeholders, including:
• Executive summary for management and decision-makers
• Detailed vulnerability findings with severity ratings
• CVSS scoring and risk prioritization
• Proof-of-concept evidence (screenshots, request/response captures)
• Business impact explanation for each issue
• Step-by-step remediation guidance for developers
• Retesting validation after fixes are applied
• Reporting that can support ISO 27001 and SOC 2 compliance preparation
🏆 Certifications
- Certified Ethical Hacker Practical — EC-Council
- eLearnSecurity Junior Penetration Tester (eJPT) — INE
- Certified API Penetration Tester — APISec University
- IBM Cybersecurity Analyst
- Cisco Verified Ethical Hacker
- ISO 27001:2022 Lead Auditor
🛠️ Tools I work with
Burp Suite Pro, OWASP ZAP, Nmap, Nessus, Metasploit, MobSF, Wireshark, Postman, and custom Python/Bash scripts and so on.
Whether you're preparing for a security review, compliance audit, or investor due diligence, I can help you understand your attack surface and security risks.
📩 Send me your scope or asset list and I’ll help you determine the best testing approach.
GM Salman A M.
has worked
.
$50/hr
100%
Job Success
Available now
Start of list.
End of list.
I'm a seasoned Cyber Security Engineer and Web Security Specialist with over 10 years of hands-on experience safeguarding digital landscapes. My expertise lies in fortifying web applications, network infrastructures, and IT systems against emerging threats and vulnerabilities.
⫸ 𝗪𝗵𝗮𝘁 𝗜 𝗢𝗳𝗳𝗲𝗿:
✅ 𝗖𝗼𝗺𝗽𝗿𝗲𝗵𝗲𝗻𝘀𝗶𝘃𝗲 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗔𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁𝘀: Thorough vulnerability assessments and penetration testing to identify and mitigate risks.
✅ 𝗪𝗲𝗯 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆: Implementation of robust security measures for web applications, including firewalls, intrusion detection systems, and secure coding practices.
✅ 𝗜𝗻𝗰𝗶𝗱𝗲𝗻𝘁 𝗥𝗲𝘀𝗽𝗼𝗻𝘀𝗲: Swift and effective response to security incidents, minimizing damage and ensuring swift recovery.
✅ 𝗖𝗼𝗻𝘀𝘂𝗹𝘁𝗮𝘁𝗶𝗼𝗻 𝗮𝗻𝗱 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴: Providing expert advice on security best practices and conducting training sessions to empower your team.
⫸ 𝗪𝗵𝘆 𝗖𝗵𝗼𝗼𝘀𝗲 𝗠𝗲:
✅ 𝗣𝗿𝗼𝘃𝗲𝗻 𝗧𝗿𝗮𝗰𝗸 𝗥𝗲𝗰𝗼𝗿𝗱: Successfully secured numerous projects for clients across various industries.
✅ 𝗨𝗽-𝘁𝗼-𝗗𝗮𝘁𝗲 𝗞𝗻𝗼𝘄𝗹𝗲𝗱𝗴𝗲: Constantly staying ahead of the curve with the latest security trends and technologies.
✅ 𝗧𝗮𝗶𝗹𝗼𝗿𝗲𝗱 𝗦𝗼𝗹𝘂𝘁𝗶𝗼𝗻𝘀: Customizing security strategies to meet your specific needs and business goals.
✅ 𝗣𝗿𝗼𝗮𝗰𝘁𝗶𝘃𝗲 𝗔𝗽𝗽𝗿𝗼𝗮𝗰𝗵: Focused on preventive measures to keep your digital assets safe and sound.
Furthermore, I've recovered 100s of websites and I've been acknowledged by many tech giants like Apple, Microsoft, eBay, Intel etc. for identifying and reporting vulnerabilties.
⫸ 𝗦𝗽𝗲𝗰𝗶𝗮𝗹𝗶𝘁𝘆:
✅ 𝐖𝐞𝐛𝐬𝐢𝐭𝐞 𝐏𝐞𝐧𝐞𝐭𝐫𝐚𝐭𝐢𝐨𝐧 𝐓𝐞𝐬𝐭𝐢𝐧𝐠 : Skilled in Web Pentesting having hands-on experience with industry latest tools like Burpsuite etc.
✅ 𝐌𝐚𝐥𝐰𝐚𝐫𝐞 𝐑𝐞𝐦𝐨𝐯𝐚𝐥: Experienced in Malware removal, not like other guys just using Wordfence or Sucuri etc.
✅ 𝐇𝐚𝐜𝐤 𝐑𝐞𝐜𝐨𝐯𝐞𝐫𝐲: Expertise with recovering hacked website even it's fully compromised.
✅ 𝐃𝐃𝐨𝐒 𝐏𝐫𝐨𝐭𝐞𝐜𝐭𝐢𝐨𝐧: Great knowledge and experience of DDoS Protection.
✅ 𝐖𝐀𝐅: Experienced with different WAFs ( Web Application Firewalls) like StackPath, Cloudflare, AWS, Akamai, Imperva etc. Expert knowledge of Cloudflare.
Let's collaborate to build a secure and resilient digital environment for your business. Reach out to me, and let's discuss how I can help you protect your most valuable assets.
$100/hr
86%
Job Success
$10K+ earned
Available now
Offers consultations
Start of list.
End of list.
Welcome to the profile of a renowned ethical hacker and bug bounty hunter, ranked among the top 400 hackers on Bugcrowd. With a remarkable portfolio that includes accolades from industry titans such as Samsung, Binance, cPanel, and F5, I bring unrivalled expertise and a track record of accomplishment to the table.
What I Offer:
Ethical Hacking Excellence: With extensive technical skills and an unwavering resolve to find vulnerabilities, I specialise in detecting and addressing security threats across a wide range of platforms and situations. Whether it's web apps or mobile apps, I have the expertise and knowledge to effectively strengthen your digital defences.
Bug Bounty Mastery: As an experienced bug bounty hunter, I have gained the trust of major corporations by my careful methodology and unrelenting dedication to perfection. My contributions have been recognised by reputable businesses such as Samsung, Binance, cPanel, F5, and many others, demonstrating my ability to generate results that exceed expectations.
Beyond bug finding, I provide full security consulting services that are tailored to your individual requirements. Whether you need strategic advice on On cyber security best practices or hands-on support in remediation efforts, I deliver practical insights to help you protect your assets and reduce any threats in advance.
Why Choose Me:
Trusted by Industry Leaders: My track record of accomplishment speaks for itself, with accolades from top-tier firms demonstrating my knowledge and professionalism. When you work with me, you will receive access to the same degree of expertise that has gained the trust of industry leaders globally.
Proactive Approach: I believe in staying one step ahead of cyber threats by taking a proactive approach to security. By conducting extensive evaluations and executing effective mitigation measures, I assist customers in reducing potential hazards before they become full-fledged catastrophes.
Collaborative collaboration: I see each client interaction as a collaborative collaboration with the goal of mutual success. I prioritise open communication, openness, and reactivity to guarantee that your individual demands and objectives are precisely satisfied.
Let us strengthen your security posture:
In an era of rising cyber dangers, investing in strong cyber security measures is critical for protecting your company's integrity and reputation. Partner with me to strengthen your defences, reduce potential risks, and remain ahead of the curve in today's ever-changing threat landscape.
Contact me today to discuss how we help improve your security posture and secure what matters most to you.
Hassan J.
has worked
.
$25/hr
100%
Job Success
$30K+ earned
Start of list.
End of list.
As a CREST/Offensive Security (OSCP) Certified Penetration Tester, OffSec Web Expert (OSWE) and cybersecurity professional with 5 years of experience and more than 100 successful penetration tests completed, my purpose is to protect businesses and individuals from the ever-increasing cyber threats that we face in today's digital age. I believe that everyone deserves the peace of mind that comes with knowing their digital assets are secure and their data protected, and I'm passionate about using my expertise to make that a reality.
With extensive experience in offensive security, I specialize in conducting Web Application, Mobile Application, Internal/External infrastructure, and Wireless infrastructure vulnerability assessments and penetration testing exercises. By working closely with organizations, I develop tailored solutions that meet their unique needs and help them achieve their security goals.
But my work isn't just about technical expertise - it's about empowering businesses and individuals to achieve their objectives with confidence. I'm committed to building strong relationships with the organizations I collaborate with, so that I can truly understand their needs and work collaboratively to create effective solutions. My focus is always on providing value to those I work with.
✅ I have conducted Penetration Test, Vulnerability Assessment and delivered professional reports to companies complying with:
► CREST standards
► Offensive Security (OSCP) standards
► OWASP Top 10 Vulnerability
► OWASP API Security Top 10 Vulnerability
► OWASP Mobile Security Top 10 Vulnerability
► CWE Top 25 Most Dangerous Software Errors
► ISO 27001 Penetration Testing
► General Data Protection Regulation (GDPR)
► Common Vulnerability Scoring System (CVSS)
Julian M.
has worked
.
$55/hr
100%
Job Success
$30K+ earned
Offers consultations
Start of list.
End of list.
Stop vulnerabilities before attackers find them. I help SaaS companies, development firms, and fast-moving startups secure their apps, APIs, and networks before breaches happen.
With 4+ years of hands-on experience in *real-world offensive security, I’ve delivered over 50 security assessments for global clients preventing * $100,000+ in cyber losses and enabling compliance with OWASP, ISO 27001, and SOC 2 standards.
✅ Web Application Penetration Testing OWASP Top 10, logic flaws, RCE, SQLi, XSS, IDOR, SSRF
✅ **API Security Testing (REST, SOAP, GraphQL) – Broken auth, token misuses, injection, rate limits
✅ Internal Network & Active Directory Pentesting – Kerberoasting, misconfigs, lateral movement paths
✅ External Network Pentesting – DNS leaks, open ports, exposed services, privilege escalation
✅ Client Apps Testing (Windows Desktop Apps) – Binary analysis, insecure storage, reverse engineering
✅ OSINT & Recon Assessments – Discover exposed employee, asset, or sensitive data online
✅ Vulnerability Assessment & Retesting – Verified scans, PoCs, and prioritized reports
Why SaaS & Dev Teams Hire Me (And Keep Coming Back):
🔐Certified CPTS & Red Team Expert – Skilled in deep, manual testing across complex environments
📈 Developer-Ready Reports – Fix-focused output with CVSS scores and reproducible PoCs
🤝 Fast Communication & Retesting – Retests included. I help you fix, not just find.
🧠 Security That Scales – Embed DevSecOps and secure your pipeline end-to-end
🔍 Tool-Proficient & Threat-Focused – Burp Suite Pro, Nessus, OWASP ZAP, Metasploit, MobSF, Wireshark
Sample Results I've Delivered:
• Hardened a healthcare SaaS platform, preventing HIPAA compliance violations
• Secured API endpoints for a fintech product, reducing attack surface by 43%
• Detected AD misconfigs in an internal network, preventing lateral domain compromise
• Helped a startup pass its security audit before a $2.5M funding round
What You'll Get:
✔️ Crystal-Clear Reports – With fix priorities, risk ratings, and business context
✔️ Full-Stack Security Coverage – From your login page to your cloud buckets
✔️ Peace of Mind – Know you're secure before auditors or attackers show up
Let’s talk before hackers do.
Message me to discuss your cybersecurity needs and get a free 15-minute consultation.
Ehtisham F.
has worked
.
$85/hr
100%
Job Success
$7K+ earned
Offers consultations
Start of list.
End of list.
If your web application, API, or AI system has vulnerabilities, attackers will
find them. My job is to find them first.
I'm Md Shofiur, a Certified Ethical Hacker (CEH) and senior penetration tester
with 8+ years securing applications and infrastructure across fintech, healthcare,
e-commerce, and SaaS. I'm Top Rated on Upwork with a 100% Job Success Score
across every engagement I've taken on.
What I test:
Web applications (OWASP Top 10 methodology)
REST and GraphQL APIs (authentication, injection, IDOR, rate limiting)
AI-powered applications and LLM systems (OWASP LLM Top 10)
WordPress, Laravel, and custom CMS platforms
Network and VPS infrastructure
PCI DSS, HIPAA, and ISO 27001 compliance environments
What makes my work different:
I don't run a scanner and call it a pentest. Every engagement starts with
manual reconnaissance, follows a structured methodology, and ends with a
report your developers can actually act on. Each finding includes a risk
rating, business impact, step-by-step proof of concept, and specific
remediation guidance — not just a list of CVEs.
AI Security Testing:
I'm one of the few penetration testers offering dedicated security assessments
for AI systems. If your company uses an LLM-powered chatbot, AI agent, RAG
system, or AI API, I test it against the full OWASP LLM Top 10 — covering
prompt injection, data extraction, insecure output handling, excessive agency,
and more.
Compliance experience:
PCI DSS v4.0 external and internal penetration testing
HIPAA security rule technical safeguard assessments
ISO/IEC 27001 security control validation
SOC 2 readiness penetration testing support
Certifications:
Certified Ethical Hacker (CEH)
API Penetration Testing
API Security for PCI Compliance
ISO/IEC 27001 Information Security Associate
Certified in Cybersecurity
What you get from every engagement:
Every report I deliver includes an executive summary for management, a
technical findings section with full proof of concept for each vulnerability,
risk ratings using industry-standard scoring, and a prioritized remediation
roadmap your team can follow immediately.
I respond within 4 hours and offer a free 15-minute discovery call before
any engagement starts. Message me with your project details and I'll tell
you exactly what I'd find and how I'd approach it.
Md Shofiur R.
has worked
.
$100/hr
100%
Job Success
$70K+ earned
Available now
Start of list.
End of list.
OSCP & CEH-certified Penetration Tester with 8+ years of hands-on experience in Web, Mobile (iOS/Android), API, and Cloud security testing. 65+ projects delivered, 100% Job Success Score, Top Rated on Upwork.
I help SaaS companies, healthcare platforms, FinTech, E-commerce and EdTech startups find real, exploitable vulnerabilities before attackers do, through manual penetration testing that goes far beyond automated scans.
— What makes my testing different —
I focus on real exploitation, not theoretical findings. Automated scanners miss business logic flaws, broken access control, and chained vulnerabilities. My OSCP-trained approach simulates how a motivated attacker would actually compromise your application, then documents the path so your developers can fix it for good.
Every engagement includes a free retest after remediation, so you know the fix worked.
— Core services —
• Web Application Penetration Testing (OWASP WSTG v4.2 methodology)
• Mobile App Security Testing for iOS & Android (OWASP MASVS / MASTG)
• API Security Testing — REST, GraphQL, OWASP API Top 10
• Cloud Security Reviews — AWS / GCP / Azure misconfiguration testing
• Source Code Security Review (PHP, Node.js, Python)
• AI / LLM Security — Prompt Injection, Data Leakage, OWASP LLM Top 10
• WordPress & PHP Application Hardening
• WAF Bypass Testing & Detection Engineering
— Tools & methodologies —
Burp Suite Professional, Frida, Nmap, sqlmap, Metasploit, OWASP ZAP, Nuclei, Genymotion, MobSF, OWASP WSTG, OWASP MASVS, MITRE ATT&CK, NIST SP 800-115.
— Industries I've worked with —
Healthcare & medical devices (compliance-grade pentest + documentation), EdTech mobile platforms (iOS app dynamic analysis with Frida, Keychain audit), SaaS startups (full-stack web + API testing), e-commerce (WAF bypass, payment flow security).
— Compliance support —
GDPR, PCI-DSS, ISO 27001, SOC 2, HIPAA — I provide the technical evidence and remediation documentation auditors expect.
— How I work —
1. Send me your application URL or scope description, I'll review it and respond within 24 hours
2. Fixed-price or hourly proposal with clear deliverables, no surprises
3. Manual testing with detailed PoC for every finding
4. Executive summary + technical report (CVSS-scored, remediation-ready)
5. Free retest after your team applies the fixes
— Certifications —
• OSCP — Offensive Security Certified Professional
• CEH — Certified Ethical Hacker
• MSc in Information Systems & Network Security — University of Milan
Send me your application URL or a brief scope description, and within 24 hours you'll get a focused assessment and a clear, fixed-price estimate.
Luca F.
has worked
.
$50/hr
100%
Job Success
$1M+ earned
Available now
Offers consultations
Start of list.
End of list.
About Us
= = = =
At ALGO, we design and develop systems, platforms, and automation powered by AI and emerging technologies.
We integrate AI agents, software, data, and infrastructure to turn complex use cases into real, scalable, production-ready solutions.
What We Do
= = = =
We build solutions in:
AI, agents, platforms, systems, and automation, along with Blockchain, IoT, Immersive Technologies, Robotics, Game Development, Cybersecurity, Digital Twins, and Quant Engineering.
Our focus is clear: moving from isolated experiments to integrated systems that generate real business impact.
Why ALGO
= = = =
ALGO combines advanced engineering, expertise in emerging technologies, and strong execution capabilities to help companies design, develop, and scale complex technology solutions.
Let’s build what matters
= = = =
If you’re looking to turn AI or emerging technologies into real solutions, ALGO can help.
Associated with
ALGO ® 🏅 With Expert-Vetted Talent (Top 1%)
$3M+
earned
$55/hr
100%
Job Success
$2K+ earned
Start of list.
End of list.
Worried About Security? Tired of Boring Tasks? Need software Solutions ? No Problem!
Concerned about your system’s security? I’ll safeguard your digital assets with thorough penetration testing and vulnerability assessments. Drowning in tedious tasks? Let me automate them, saving you time and enhancing productivity. No website? I create custom sites that not only look great but work perfectly for your needs. Let’s tackle your digital challenges together!
I am Nour El Dien Bassiouny, a dedicated Penetration Tester with a strong focus on web, network, and android app pentesting. Holding the eWPTXv2 certification, I bring expertise in identifying and exploiting vulnerabilities to secure your systems effectively.
My technical proficiency spans various programming languages and frameworks, including C++, C, PHP, MySQL, SQLite3, MongoDB, Laravel, Flask, Java, Python, and Bash. I am skilled in web and desktop development, automation, web scraping, and API development.
With a primary emphasis on penetration testing and vulnerability assessment, I am committed to delivering thorough and reliable security evaluations to protect your assets. Let's work together to enhance your cybersecurity posture.
$15/hr
100%
Job Success
Offers consultations
Start of list.
End of list.
I have conducted and led hundreds of security audits, penetration tests and red team engagements for a variety of companies, ranging from multinational corporations with thousands of hosts in scope to startups or small clients that want to have an edge over their competition security-wise.
My day-to-day job is that of an ethical hacker, which has allowed me to amass great hands-on experience in the field of Penetration Testing, Cyber Security and Vulnerability Assessment, and to have a great understanding of the most widespread and modern technology stacks currently in use around the globe and their flaws from a security standpoint.
I am able to provide the following services:
✅ Penetration Testing Engagement ✅
This includes both thorough manual testing of all functionalities and automated testing for all websites, applications, servers or infrastructure included in the scope of work, using both professional enterprise grade software such as BurpSuite Professional and Nessus and also personal scripts and tools gathered over past engagements. This services extends as well to internal penetration tests and network infrastructure testing as well.
✅ Professional Report & Statistics ✅
Detailed report explaining step-by-step the exploitation and discovery method of each and every vulnerability discovered. Proof-of-Concept screen captures, full requests and responses, CVSS v3.0 standardised risk score, impact and ownership included.
✅ Remediation Advice & Guidance ✅
Remediation advice regarding all security issues discovered, how to fix them and warnings associated with the impact and risk of these vulnerabilities.
✅ Asset Discovery ✅
Through both active and passive methods, I can help you asses how big your digital footprint is on the internet and what is the attack platform visible from an outsider threat perspective. This includes subdomain enumeration and service/port discovery.
✅ Free Checkup ✅
Included in the price will be a checkup/retest of all aforementioned vulnerabilities present in the report in order to ensure that the implemented security controls and/or fixes are working as intended and that there is no other way to bypass them or exploit that vulnerability any longer.
✅ OSINT Reconnaissance ✅
Gathering of all valuable data pertaining to your company available on the internet. This includes any breached email addresses and related passwords available in cleartext on the internet, usually being traded on the dark web. Full access to over 4 billion records of personally curated lists of such information will help you to asses how vulnerable you are and what passwords need to be changed as soon as possible.
✅ Briefing ✅
I am available for calls/meetings discussing what the Scope of Work will be, where the focus of the penetration testing engagement will be, if all subdomains need to be included, if you want a black-box type of engagement or a white-box engagement, if accounts will be required, preferred hours for load testing and any other guidance your company would require if this is the first penetration test engagement that you are doing.
✅ Debriefing ✅
I am available for calls/meetings after the penetration test is completed in order to discuss with you the results of the engagement, what the main issues were and what my concerns regarding the security of your company are. This includes any further clarification regarding any vulnerability and the impact/risk associated with it.
NAHID M.
has worked
.