Project Request: Web application penetration/vulnerability testing

We are looking for a testing expert with a proven record in cybersecurity who can assess our web application security posture and identify weaknesses, vulnerabilities and exploits in the information systems, networks, applications, procedures, and facilities, per the identified scope. All tests shall be non-destructive in nature in the first test cycle, where all remote system scanning and attempts to exploit vulnerabilities or escalate privileges are conducted with proper care to avoid any disruption of service.

1. The ability to perform all gray, black and white box testing, including:
2. Password service strength testing
3. Denial of service identification
4. Public information & information leakage
5. Brute force (on designated systems)
6. Password cracking
7. Whaling
8. Access perspectives
9. Should be able to exploit all possible attack surfaces identified.
10. Tester must complete all clean-up processes before finishing the penetration test, including: confidential data about the customer obtained during the penetration test must be disposed of in an appropriate manner.
11. Tester shall have support for any technical issues associated with penetration testing.
12. The individual performing the testing will be required to hold one of the following industry-recommended information security certifications: Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), SANS GIAC Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP), Certified Information Security Auditor (CISA).
13. Demonstrate experience with black box and grey box penetration testing and social engineering.

Deliverables

1. Project Plan:
   1. A project plan will be adopted and delivered prior to selection.
   2. Regular project status update meetings
2. Final Report will include:
   1. Executive Summary: executive-level discussion regarding the assessment, including the objectives and findings. Also, a risk summary identifying both the level of risk and the level of effort required to remediate.
   2. Scope and Rules of Engagement: documents the client's requirements/scope and any assumptions.
   3. Security Posture Analysis: summarized recommendations and a concise view of positive and negative findings.

At Puffin Security, we enjoy contributing knowledge regarding security projects to complex organizations, as our team is composed of Certified Security Engineers who follow codes of conduct (the ISACA, (ISC)2 and ISSA codes of conduct, likewise the OSSTMM "Rules of Engagement"). For more information, [contact us here](https://www.puffinsecurity.com/contact-us) or