You will get a Pentest of Web / Mobile Application

Abdul W.

Let a pro handle the details

Buy Assessments & Penetration Testing services from Abdul, priced and ready to go.

Project details

I'll be following OWASP and pentest the application from the black-box and grey-box perspectives. This will enable me to pentest it from an authenticated perspective, specifically looking for authorization issues and privilege escalation, such as changing the profile info of other users or performing an action on behalf of admin/other roles, to identify role-based authorization issues too.
What's included
Service tier        Starter    Standard   Advanced
Price               $300       $800       $1,500
Delivery time       3 days     7 days     20 days
Application audit   -          -          -
Project plan        -          -          -
Cost estimation     -          -          -

About Abdul

Abdul W.
Application Security Engineer | Senior Penetration Tester | Red Teamer
Berlin, Germany
I am a Senior Application Security Engineer and Offensive Team Lead at a product-based company. Over the past 7 years I have gained experience in the pentesting of external/internal network infrastructure, web applications, mobile apps (iOS + Android), malware/RAT development for red teaming, desktop applications and cloud security assessment.

Day Job Activities/Responsibilities
===========================
- Team management and responsibility for the timely delivery of OKRs
- Performing web, API and mobile application penetration testing
- Performing cloud security assessments
- Source code review for web and mobile applications
- Pentest automation with scripts and Burp Suite plugins
- Implementing shift-left security using GHAS (GitHub Advanced Security)
- Executing purple teaming exercises to improve detection rules
- Launching phishing campaigns
- Conducting secure coding and phishing awareness training
- Moderating a HackerOne bug bounty program and VDP
- Collaborating with developers and IT on patching bugs and vulnerabilities

Skills
====
Application Security: Wiz, GitHub Advanced Security, GitHub Actions, Trivy, KubeHound, CodeQL, Semgrep, Jira.
Web / API Pentest: Burp Suite, Acunetix, Nikto, dirsearch, gobuster, sqlmap, custom scripts.
Network Pentest: Nmap, Nessus Professional, Cobalt Strike, Empire, SILENTTRINITY, Metasploit, CrackMapExec, Impacket, BloodHound, Hashcat, Aircrack-ng, PowerView, PowerSploit, Mimikatz, rpivot, chisel, PowerUpSQL, UACMe.
Mobile App Pentest: Frida, Xposed, Drozer, Passionfruit, House, adb, apktool, dex2jar, jadx, otool, Radare2, dumpdecrypted, MobSF.
Web Development: MEAN stack, Django, PHP, JavaScript, jQuery, MySQL.
Desktop Application Development: C#, Entity Framework, MetroUIFramework.
Programming Languages: C, C#, C++, Java, PHP, Python, NodeJS.
Scripting & Automation: Python, Bash, Batch, PowerShell, NodeJS.

Open Source Projects:
AES-Killer, Burp plugin to decrypt AES-encrypted traffic of applications on the fly, (Java).
HackBar, HackBar plugin for Burp Suite, (Java).
Nessus_Map, Django application that parses .nessus file(s) and shows the output in an interactive UI, (Python).
RAT, Remote Access Tool for red teaming, (C#, C++, Entity Framework, MySQL).
Recon_Wolf, Automated tool for reconnaissance of an organization, (Python).
MGun, Automate RBAC and some generic pentest use cases for API/Web, (Python).
5Gun, 5G Core Security Assessment Utility, (Python).
Kubehound, KubeHound looks for security misconfigurations and common mistakes in Kubernetes deployment, (Python).
Misc, a couple of Burpsuite plugins targeting complex application request/response decoding, captcha bypass and authorization, (Java, Python).

Steps for completing your project

After purchasing the project, send requirements so Abdul can start the project.

Delivery time starts when Abdul receives requirements from you.

Abdul works on your project following the steps below.

Revisions may occur after the delivery date.

Authorization and Business Logic Testing

- View / update profile information of other users
- Book a ride / place an order on behalf of other users
- Add / edit / delete a user as role X (where X can be manager, employee, or user)
- Book a free ride / place free orders
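The checks above (and the authenticated authorization testing described under "Project details") boil down to one pattern: take a request that a legitimate identity is allowed to make, replay it with the wrong identity (another user for horizontal checks, a lower role for vertical ones), and treat any non-4xx answer as a bypass. The harness below is an added illustration of that pattern; it is not code from this listing or from the MGun project. Everything in it is constructed so it runs offline: the `MockApi` target (an in-memory users API with a switch that turns authorization on or off), the fixture users and tokens, and the `run_authz_checks` function are all hypothetical names.

```python
"""
Horizontal/vertical authorization test harness (added example, not the
listing's own tooling). The target, fixture users and function names are
all constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class User:
    uid: int
    role: str      # "user" or "admin"
    token: str


@dataclass
class Response:
    status: int
    body: dict = field(default_factory=dict)


# Constructed fixture: two ordinary users and one admin, each with a bearer token.
USERS = {
    "tok-alice": User(1, "user", "tok-alice"),
    "tok-bob":   User(2, "user", "tok-bob"),
    "tok-carol": User(3, "admin", "tok-carol"),
}


class MockApi:
    """Stand-in target. With enforce=False it authenticates but never
    authorizes, so every logged-in caller can read, update and delete any
    user (object-level and function-level authorization both missing)."""

    def __init__(self, enforce: bool):
        self.enforce = enforce
        self.profiles = {1: {"name": "alice"}, 2: {"name": "bob"}, 3: {"name": "carol"}}

    def request(self, method: str, path: str, token: str, body: Optional[dict] = None) -> Response:
        caller = USERS.get(token)
        if caller is None:
            return Response(401)
        parts = path.strip("/").split("/")
        if len(parts) != 2 or parts[0] != "users" or not parts[1].isdigit():
            return Response(404)
        target = int(parts[1])
        if target not in self.profiles:
            return Response(404)
        if self.enforce:
            is_owner = caller.uid == target
            is_admin = caller.role == "admin"
            if method in ("GET", "PUT") and not (is_owner or is_admin):
                return Response(403)          # object-level check
            if method == "DELETE" and not is_admin:
                return Response(403)          # function-level (role) check
        if method == "GET":
            return Response(200, dict(self.profiles[target]))
        if method == "PUT":
            self.profiles[target].update(body or {})
            return Response(200, dict(self.profiles[target]))
        if method == "DELETE":
            del self.profiles[target]
            return Response(204)
        return Response(405)


# Each check pairs a request the legitimate identity must be able to make
# (the baseline) with the same request replayed by an identity that must not.
CHECKS = [
    # name,              method,   path,       legit token, attacker token, body
    ("horizontal-read",  "GET",    "/users/2", "tok-bob",   "tok-alice", None),
    ("horizontal-write", "PUT",    "/users/2", "tok-bob",   "tok-alice", {"name": "changed"}),
    ("vertical-delete",  "DELETE", "/users/2", "tok-carol", "tok-alice", None),
]


def run_authz_checks(make_api: Callable[[], MockApi]) -> list:
    """Run every check against a fresh target and return the names of the
    checks the target failed. A check only counts when the baseline
    succeeds: a 403 for the attacker proves nothing if the legitimate
    caller is rejected too (the endpoint may simply be broken)."""
    failed = []
    for name, method, path, legit, attacker, body in CHECKS:
        baseline = make_api().request(method, path, legit, body)
        if baseline.status >= 400:
            failed.append(name + ":baseline-broken")
            continue
        attack = make_api().request(method, path, attacker, body)
        if attack.status < 400:               # any 2xx/3xx means the control is missing
            failed.append(name)
    return failed


if __name__ == "__main__":
    print("unenforced:", run_authz_checks(lambda: MockApi(enforce=False)))
    print("enforced:  ", run_authz_checks(lambda: MockApi(enforce=True)))
```

Against a real target the `MockApi.request` call is replaced by an HTTP client carrying the second session's cookie or bearer token, but the shape stays the same: capture the legitimate request, swap the identity, keep the object ID, and compare the status code (and, for reads, the body) against the baseline. The baseline step matters in practice because a blanket 403 from a broken or rate-limited endpoint otherwise looks like a pass.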

OWASP Testing

1. Information Gathering
2. Configuration and Deployment Management
3. Identity Management
4. Authentication
5. Authorization
6. Session Management
7. Data Validation
8. Error Handling
9. Cryptography
10. Business Logic
11. Client Side

Review the work, release payment, and leave feedback to Abdul.