You will get a Pentest of Web / Mobile Application
Abdul W.
Project details
I'll be following the OWASP methodology and pentesting the application from both black-box and grey-box perspectives. This will enable me to test it from an authenticated perspective and specifically look for authorization issues and privilege escalation, such as changing the profile information of other users or performing an action on behalf of admin/other roles, in order to identify role-based authorization flaws too.
What's included
Service Tiers | Starter ($300) | Standard ($800) | Advanced ($1,500)
---|---|---|---
Delivery Time | 3 days | 7 days | 20 days
Application Audit | - | - | -
Project Plan | - | - | -
Cost Estimation | - | - | -
About Abdul
Application Security Engineer | Senior Penetration Tester | Red Teamer
Berlin, Germany
Day Job Activities/Responsibilities
===========================
- Team management and responsibility for the timely delivery of OKRs
- Performing web, API and mobile application penetration testing
- Performing cloud security assessments
- Source code review for web and mobile applications
- Pentest automation with scripts and Burp Suite plugins
- Implementing shift-left security using GHAS
- Executing purple teaming exercises to improve detection rules
- Launching phishing campaigns
- Conducting secure coding and phishing awareness training
- Moderating a HackerOne bug bounty program and VDP
- Collaborating with developers and IT on patching bugs and vulnerabilities
Skills
====
Application Security: Wiz, GitHub Advanced Security, GitHub Actions, Trivy, Kube-Hound, CodeQL, Semgrep, Jira.
Web / API Pentest: Burp Suite, Acunetix, Nikto, dirsearch, gobuster, SQLMap, custom scripts.
Network Pentest: Nmap, Nessus Professional, Cobalt Strike, Empire, SILENTTRINITY, Metasploit, CrackMapExec, Impacket, BloodHound, Hashcat, Aircrack-ng, PowerView, PowerSploit, Mimikatz, rpivot, chisel, PowerUpSQL, UACMe.
Mobile App Pentest: Frida, Xposed, Drozer, Passionfruit, House, adb, apktool, dex2jar, jadx, otool, Radare2, dumpdecrypted, MobSF.
Web Development: MEAN stack, Django, PHP, JavaScript, jQuery, MySQL.
Desktop Application Development: C#, Entity Framework, MetroUIFramework.
Programming Languages: C, C#, C++, Java, PHP, Python, Node.js.
Scripting & Automation: Python, Bash, Batch, PowerShell, Node.js.
Open Source Projects:
AES-Killer, Burp plugin to decrypt AES-encrypted application traffic on the fly (Java).
HackBar, HackBar plugin for Burp Suite (Java).
Nessus_Map, Django application that parses .nessus file(s) and shows the output in an interactive UI (Python).
RAT, Remote Access Tool for red teaming (C#, C++, Entity Framework, MySQL).
Recon_Wolf, automated tool for reconnaissance of an organization (Python).
MGun, automates RBAC and some generic pentest use cases for API/Web (Python).
5Gun, 5G Core security assessment utility (Python).
Kubehound, KubeHound looks for security misconfigurations and common mistakes in Kubernetes deployments (Python).
Misc, a couple of Burp Suite plugins targeting complex application request/response decoding, captcha bypass and authorization (Java, Python).
Steps for completing your project
After purchasing the project, send requirements so Abdul can start the project.
Delivery time starts when Abdul receives requirements from you.
Abdul works on your project following the steps below.
Revisions may occur after the delivery date.
Authorization and Business Logic Testing
- View / update profile information of other users
- Book a ride / place an order on behalf of other users
- Add / edit / delete a user as role X (where X can be manager, employee, or user)
- Book a free ride / place free orders
OWASP Testing
1. Information Gathering
2. Configuration and Deployment Management
3. Identity Management
4. Authentication
5. Authorization
6. Session Management
7. Data Validation
8. Error Handling
9. Cryptography
10. Business Logic
11. Client Side