You will get an AI Penetration Test + OWASP LLM Top 10 Security Report
Top Rated

Top Rated

Project details
AI systems are the fastest-growing attack surface in business today.
Most companies deploying LLM chatbots, AI agents, RAG systems, or AI
APIs have never had them professionally security tested.
I perform a full manual AI penetration test following the OWASP LLM
Top 10 framework, the industry standard for large language model
security. Every finding is documented with a working proof of concept,
a clear risk rating, and specific remediation steps your developers
can act on immediately.
This is not an automated scan. I test manually using Garak, PyRIT,
and Burp Suite combined with a custom methodology built from hands-on
AI security research. Testing covers: prompt injection, system prompt
extraction, indirect injection, insecure output handling, RAG
poisoning, agent and plugin abuse, API security, and data leakage.
I am a Certified Ethical Hacker (CEH), Top Rated on Upwork with 100%
Job Success Score. Every engagement delivers an executive summary for
your management team and a full technical report for your developers.
Your AI system will be attacked. The only question is whether you
find the gaps first.
Most companies deploying LLM chatbots, AI agents, RAG systems, or AI
APIs have never had them professionally security tested.
I perform a full manual AI penetration test following the OWASP LLM
Top 10 framework, the industry standard for large language model
security. Every finding is documented with a working proof of concept,
a clear risk rating, and specific remediation steps your developers
can act on immediately.
This is not an automated scan. I test manually using Garak, PyRIT,
and Burp Suite combined with a custom methodology built from hands-on
AI security research. Testing covers: prompt injection, system prompt
extraction, indirect injection, insecure output handling, RAG
poisoning, agent and plugin abuse, API security, and data leakage.
I am a Certified Ethical Hacker (CEH), Top Rated on Upwork with 100%
Job Success Score. Every engagement delivers an executive summary for
your management team and a full technical report for your developers.
Your AI system will be attacked. The only question is whether you
find the gaps first.
Cybersecurity Assessment Type
Penetration TestingCybersecurity Expertise
AI Compliance, AI Governance, Risk AssessmentTechnology Type
IaaS, Database, SaaS, Web ApplicationCybersecurity Regulation
GDPR, ISO, HIPAA, NIST Cybersecurity Framework, SOC 2What's included
| Service Tiers |
Starter
$499
|
Standard
$899
|
Advanced
$1,499
|
|---|---|---|---|
| Delivery Time | 4 days | 7 days | 10 days |
Application Audit | |||
Project Plan | - | ||
Cost Estimation | - | - | - |
Frequently asked questions
8 reviews
(7)
(1)
(0)
(0)
(0)
This project doesn't have any reviews.
Aa
Amiram a.
Jan 25, 2026
Penetration Testing Company Needed for Web Application (Fast Delivery + Official Report)
It was a pleasure working with Md Shofiur.
He delivered high-quality work, maintained excellent communication, and stayed perfectly on schedule. What I appreciated most was his honesty when I requested a milestone outside his core expertise, he was upfront about it and even helped me source other freelancers to fill the gap.
His integrity and skills make him a great asset, and I look forward to hiring him again
He delivered high-quality work, maintained excellent communication, and stayed perfectly on schedule. What I appreciated most was his honesty when I requested a milestone outside his core expertise, he was upfront about it and even helped me source other freelancers to fill the gap.
His integrity and skills make him a great asset, and I look forward to hiring him again
PS
Parvinder S.
Mar 16, 2023
Test VPS Server Security Settings
PS
Parvinder S.
Feb 16, 2023
Need to Scan & Fix Bugs in Core PHP Website
HB
Hatem B.
Feb 15, 2023
Cyber security consultation
It was great working with Rahman. A true expert in cybersecurity.
Polite and with good communication skills. When I needed help removing malware, he was quick to reply and fix the issue.
Polite and with good communication skills. When I needed help removing malware, he was quick to reply and fix the issue.
WD
Willyzd D.
Dec 10, 2022
PenTest windows app
Well done
About Md Shofiur
Senior Penetration Tester | Web App - API - AI Security Testing | CEH
100%
Job Success
Dhaka, Bangladesh - 2:27 am local time
find them. My job is to find them first.
I'm Md Shofiur, a Certified Ethical Hacker (CEH) and senior penetration tester
with 8+ years securing applications and infrastructure across fintech, healthcare,
e-commerce, and SaaS. I'm Top Rated on Upwork with a 100% Job Success Score
across every engagement I've taken on.
What I test:
Web applications (OWASP Top 10 methodology)
REST and GraphQL APIs (authentication, injection, IDOR, rate limiting)
AI-powered applications and LLM systems (OWASP LLM Top 10)
WordPress, Laravel, and custom CMS platforms
Network and VPS infrastructure
PCI DSS, HIPAA, and ISO 27001 compliance environments
What makes my work different:
I don't run a scanner and call it a pentest. Every engagement starts with
manual reconnaissance, follows a structured methodology, and ends with a
report your developers can actually act on. Each finding includes a risk
rating, business impact, step-by-step proof of concept, and specific
remediation guidance — not just a list of CVEs.
AI Security Testing:
I'm one of the few penetration testers offering dedicated security assessments
for AI systems. If your company uses an LLM-powered chatbot, AI agent, RAG
system, or AI API, I test it against the full OWASP LLM Top 10 — covering
prompt injection, data extraction, insecure output handling, excessive agency,
and more.
Compliance experience:
PCI DSS v4.0 external and internal penetration testing
HIPAA security rule technical safeguard assessments
ISO/IEC 27001 security control validation
SOC 2 readiness penetration testing support
Certifications:
Certified Ethical Hacker (CEH)
API Penetration Testing
API Security for PCI Compliance
ISO/IEC 27001 Information Security Associate
Certified in Cybersecurity
What you get from every engagement:
Every report I deliver includes an executive summary for management, a
technical findings section with full proof of concept for each vulnerability,
risk ratings using industry-standard scoring, and a prioritized remediation
roadmap your team can follow immediately.
I respond within 4 hours and offer a free 15-minute discovery call before
any engagement starts. Message me with your project details and I'll tell
you exactly what I'd find and how I'd approach it.
Steps for completing your project
After purchasing the project, send requirements so Md Shofiur can start the project.
Delivery time starts when Md Shofiur receives requirements from you.
Md Shofiur works on your project following the steps below.
Revisions may occur after the delivery date.
Step
Kick-off: I confirm scope, target URL, test credentials, and testing environment details with you.
Step
Reconnaissance and attack surface mapping across all AI endpoints, inputs, tools, and integrations.