You will get A OWASP Web Application Penetration Testing Followed by a Detail Report.

Md Shofiur R.Status: Offline
Md Shofiur R. Md Shofiur R.
4.9
Top Rated

Let a pro handle the details

Buy Assessments & Penetration Testing services from Md Shofiur, priced and ready to go.
Md Shofiur R.Status: Offline
Md Shofiur R. Md Shofiur R.
4.9
Top Rated

Let a pro handle the details

Buy Assessments & Penetration Testing services from Md Shofiur, priced and ready to go.

Project details

I provide advanced security assessments for web and mobile applications.

My test coverage includes (but is not limited to) checklists such as OWASP Top 10 and SANS Top 25 Software Errors.

Covering all functions of the application, from user enrollment through to administrative functions, I perform both automated tests with the best tools on the market and detailed manual tests.

Results of the automated tests are manually checked and false positives are omitted.

I perform risk assessments for each individual finding, based on the importance of the data asset at risk, likelihood of discovery by attackers and technical complexity of exploiting the weakness .

You always get very realistic findings, pinpointing where the risk is at, as well as detailed and applicable remediation recommendations. If preferred by the client, I also support the developers during the remediation phase, through meetings or email, so as to ensure that they understand the problem properly and create a robust fix. I also perform re-tests to ensure that the problem is solved completely.
Cybersecurity Assessment Type
Penetration Testing
Cybersecurity Expertise
Audit, Risk Assessment, Cybersecurity Awareness
Technology Type
Firewall, IaaS, Computer Network, Data Center, Database, Operating System, SaaS, Web Application, CRM, Email System, ERP, Mobile Device, PaaS
Cybersecurity Regulation
GDPR, ISO, NIST Cybersecurity Framework, PCI DSS, SOC 2
What's included
Service Tiers Starter
$149
Standard
$499
Advanced
$998
Delivery Time 4 days 7 days 12 days
Application Audit
Project Plan
Cost Estimation
Optional add-ons You can add these on the next page.
Remediation Support
+$250
4.9
8 reviews
88% Complete
13% Complete
1% Complete
(0)
1% Complete
(0)
1% Complete
(0)

Aa

Amiram a.
5.00
Jan 25, 2026
Penetration Testing Company Needed for Web Application (Fast Delivery + Official Report) It was a pleasure working with Md Shofiur.
He delivered high-quality work, maintained excellent communication, and stayed perfectly on schedule. What I appreciated most was his honesty when I requested a milestone outside his core expertise, he was upfront about it and even helped me source other freelancers to fill the gap.
His integrity and skills make him a great asset, and I look forward to hiring him again

PS

Parvinder S.
5.00
Mar 16, 2023
Test VPS Server Security Settings

PS

Parvinder S.
5.00
Feb 16, 2023
Need to Scan & Fix Bugs in Core PHP Website

HB

Hatem B.
5.00
Feb 15, 2023
Cyber security consultation It was great working with Rahman. A true expert in cybersecurity.

Polite and with good communication skills. When I needed help removing malware, he was quick to reply and fix the issue.

WD

Willyzd D.
5.00
Dec 10, 2022
PenTest windows app Well done
Md Shofiur R.Status: Offline

About Md Shofiur

Md Shofiur R.Status: Offline
Senior Penetration Tester | Web App - API - AI Security Testing | CEH
100% Job Success
4.9  (8 reviews)
Dhaka, Bangladesh - 9:38 am local time
If your web application, API, or AI system has vulnerabilities, attackers will
find them. My job is to find them first.

I'm Md Shofiur, a Certified Ethical Hacker (CEH) and senior penetration tester
with 8+ years securing applications and infrastructure across fintech, healthcare,
e-commerce, and SaaS. I'm Top Rated on Upwork with a 100% Job Success Score
across every engagement I've taken on.

What I test:


Web applications (OWASP Top 10 methodology)
REST and GraphQL APIs (authentication, injection, IDOR, rate limiting)
AI-powered applications and LLM systems (OWASP LLM Top 10)
WordPress, Laravel, and custom CMS platforms
Network and VPS infrastructure
PCI DSS, HIPAA, and ISO 27001 compliance environments


What makes my work different:

I don't run a scanner and call it a pentest. Every engagement starts with
manual reconnaissance, follows a structured methodology, and ends with a
report your developers can actually act on. Each finding includes a risk
rating, business impact, step-by-step proof of concept, and specific
remediation guidance — not just a list of CVEs.

AI Security Testing:
I'm one of the few penetration testers offering dedicated security assessments
for AI systems. If your company uses an LLM-powered chatbot, AI agent, RAG
system, or AI API, I test it against the full OWASP LLM Top 10 — covering
prompt injection, data extraction, insecure output handling, excessive agency,
and more.

Compliance experience:


PCI DSS v4.0 external and internal penetration testing
HIPAA security rule technical safeguard assessments
ISO/IEC 27001 security control validation
SOC 2 readiness penetration testing support


Certifications:


Certified Ethical Hacker (CEH)
API Penetration Testing
API Security for PCI Compliance
ISO/IEC 27001 Information Security Associate
Certified in Cybersecurity


What you get from every engagement:
Every report I deliver includes an executive summary for management, a
technical findings section with full proof of concept for each vulnerability,
risk ratings using industry-standard scoring, and a prioritized remediation
roadmap your team can follow immediately.

I respond within 4 hours and offer a free 15-minute discovery call before
any engagement starts. Message me with your project details and I'll tell
you exactly what I'd find and how I'd approach it.

Steps for completing your project

After purchasing the project, send requirements so Md Shofiur can start the project.

Delivery time starts when Md Shofiur receives requirements from you.

Md Shofiur works on your project following the steps below.

Revisions may occur after the delivery date.

Reporting

I will provide you with a professionally written report including; vulnerability descriptions, exploitation steps, recommendations, root causes, and more.

Review the work, release payment, and leave feedback to Md Shofiur.