You will get a Web Application Penetration Test

Luca F.Status: Offline
Luca F. Luca F.
5.0
Top Rated

Let a pro handle the details

Buy Assessments & Penetration Testing services from Luca, priced and ready to go.
Luca F.Status: Offline
Luca F. Luca F.
5.0
Top Rated

Let a pro handle the details

Buy Assessments & Penetration Testing services from Luca, priced and ready to go.

Project details

Most penetration testers run automated scanners and repackage the output as a report. I don't.
Every test I deliver is fully manual, following the OWASP Web Security Testing Guide v4.2, the same methodology used by enterprise security teams. I simulate real attacker behavior: authentication bypass, privilege escalation, business logic abuse, API manipulation, and chained attack scenarios that automated tools will never catch.
What you get: a professional report with every finding rated by severity, a working proof-of-concept for each exploitable vulnerability, clear remediation steps your developers can act on immediately, and a free retest once fixes are applied, no extra charge.
OSCP certified. 100% Job Success. Top Rated. 65+ penetration tests completed on Upwork, across web applications, mobile apps, APIs, and cloud environments.
I respond within 24 hours with a scoping assessment and a fixed-price estimate based on your actual attack surface, no surprises.
Cybersecurity Assessment Type
Penetration Testing
Cybersecurity Expertise
Data Protection, Audit, Risk Assessment
Technology Type
IaaS, Database, SaaS, Web Application
Cybersecurity Regulation
GDPR, ISO, HIPAA, PCI DSS, SOC 2
What's included
Service Tiers Starter
$1,300
Standard
$1,900
Advanced
$2,600
Delivery Time 4 days 6 days 9 days
Application Audit
Project Plan
-
-
-
Cost Estimation
Optional add-ons You can add these on the next page.
Fast Delivery
+$100 - $400

Frequently asked questions

5.0
45 reviews
100% Complete
1% Complete
(0)
1% Complete
(0)
1% Complete
(0)
1% Complete
(0)

RH

Richard H.
5.00
Apr 29, 2026
Ethical Hacker Needed for Website Vulnerability Assessment Great services from Luca, he exceeded our expectations, was professional and delivered on time and budget.

KL

Kolbjorn L.
5.00
Apr 24, 2026
Penetration Testing Great communication, highly professional, and very thorough work. The reports were clear, actionable, and helped us quickly identify and fix critical issues. Would definitely work together again.

CW

Colin W.
5.00
Apr 23, 2026
Moroku Pen Testing Luca is fabulous. as cyber puts greater pressure on digital services, having a black hat of his calibre on your team is a must

DM

Daniel M.
5.00
Sep 28, 2025
Penetration testing of updates

GE

Gordon E.
5.00
Aug 1, 2025
Vulnerabilities assessment for web app Great to work with, invaluable insight and expertise. Will use again.
Luca F.Status: Offline

About Luca

Luca F.Status: Offline
Senior Penetration Tester | OSCP | OWASP, Burp, Frida | Top Rated
100% Job Success
5.0  (45 reviews)
Valdagno, Italy - 6:11 am local time
OSCP & CEH-certified Penetration Tester with 8+ years of hands-on experience in Web, Mobile (iOS/Android), API, and Cloud security testing. 65+ projects delivered, 100% Job Success Score, Top Rated on Upwork.

I help SaaS companies, healthcare platforms, FinTech, E-commerce and EdTech startups find real, exploitable vulnerabilities before attackers do, through manual penetration testing that goes far beyond automated scans.

— What makes my testing different —

I focus on real exploitation, not theoretical findings. Automated scanners miss business logic flaws, broken access control, and chained vulnerabilities. My OSCP-trained approach simulates how a motivated attacker would actually compromise your application, then documents the path so your developers can fix it for good.

Every engagement includes a free retest after remediation, so you know the fix worked.

— Core services —

• Web Application Penetration Testing (OWASP WSTG v4.2 methodology)
• Mobile App Security Testing for iOS & Android (OWASP MASVS / MASTG)
• API Security Testing — REST, GraphQL, OWASP API Top 10
• Cloud Security Reviews — AWS / GCP / Azure misconfiguration testing
• Source Code Security Review (PHP, Node.js, Python)
• AI / LLM Security — Prompt Injection, Data Leakage, OWASP LLM Top 10
• WordPress & PHP Application Hardening
• WAF Bypass Testing & Detection Engineering

— Tools & methodologies —

Burp Suite Professional, Frida, Nmap, sqlmap, Metasploit, OWASP ZAP, Nuclei, Genymotion, MobSF, OWASP WSTG, OWASP MASVS, MITRE ATT&CK, NIST SP 800-115.

— Industries I've worked with —

Healthcare & medical devices (compliance-grade pentest + documentation), EdTech mobile platforms (iOS app dynamic analysis with Frida, Keychain audit), SaaS startups (full-stack web + API testing), e-commerce (WAF bypass, payment flow security).

— Compliance support —

GDPR, PCI-DSS, ISO 27001, SOC 2, HIPAA — I provide the technical evidence and remediation documentation auditors expect.

— How I work —

1. Send me your application URL or scope description, I'll review it and respond within 24 hours
2. Fixed-price or hourly proposal with clear deliverables, no surprises
3. Manual testing with detailed PoC for every finding
4. Executive summary + technical report (CVSS-scored, remediation-ready)
5. Free retest after your team applies the fixes

— Certifications —

• OSCP — Offensive Security Certified Professional
• CEH — Certified Ethical Hacker
• MSc in Information Systems & Network Security — University of Milan

Send me your application URL or a brief scope description, and within 24 hours you'll get a focused assessment and a clear, fixed-price estimate.

Steps for completing your project

After purchasing the project, send requirements so Luca can start the project.

Delivery time starts when Luca receives requirements from you.

Luca works on your project following the steps below.

Revisions may occur after the delivery date.

Scope review

I analyze the provided URLs, endpoints, and access credentials to define the attack surface and confirm the testing approach (black/grey/white-box).

Manual Penetration Testing

I perform hands-on testing following OWASP WSTG v4.2, covering authentication, authorization, input validation, business logic, and API security.

Review the work, release payment, and leave feedback to Luca.