Job Detail

  1. Home
  2. Cyber Defenders
  3. Job detail

Web Application Penetration Testing

  • Job typeJob type: Remote
  • Job DurationLess than a month
  • Project LevelExpensive
  • Project deadlineExpired

Project detail

Security Assessment

  • Full Customization of Testing
  • Web Application Penetration Testing:
  • SANS Top 25 Full Coverage
  • OWASP Top 10 Full Coverage
  • PCI DSS 6.5.1-6.5.11 Full Coverage
  • AI to Augment Human Testing and Analysis
  • Machine Learning to Accelerate Testing
  • Authenticated Testing (2FA / SSO)
  • REST/SOAP API Testing


  • Threat-Aware Risk Scoring
  • Tailored Remediation Guidelines
  • Web Interface, PDF and XML Formats
  • PCI DSS and GDPR Compliances
  • CVE, CWE and CVSSv3 Scores
  • Zero False-Positive SLA

Security Reporting Standards

  • Common Vulnerabilities and Exposures (CVE) Compatible
  • Common Weakness Enumeration (CWE) Compatible
  • Common Vulnerability Scoring System (CVSSv3)
  • OWASP Application Security Verification Standard (ASVS v4.0.2) Mapping


Patch Verification Testing once

Covered Vulnerabilities

OWASP Top 10

  • A1: Broken Access Control
  • A2: Cryptographic Failures
  • A3: Injection
  • A4: Insecure Design
  • A5: Security Misconfiguration
  • A6: Vulnerable and Outdated Components
  • A7: Identification and Authentication Failures
  • A8: Software and Data Integrity Failures
  • A9: Security Logging and Monitoring Failures
  • A10: Server-Side Request Forgery



  • Improper Access Control
  • Insecure Communications
  • Cross-Site Request Forgery (CSRF)
  • Improper Error Handling
  • Broken Authentication and Session Management
  • Injection Flaws
  • Several other “High” Risk Vulnerabilities
  • Buffer Overflows
  • Cross-Site Scripting (XSS)
  • Insecure Cryptographic Storage

SANS Top 25

Full Coverage of SANS Top 25 for all packages

  • CWE-22: Path Traversal
  • CWE-89: SQL Injection
  • CWE-78: Command injection
  • CWE-89: Blind SQL Injection
  • CWE-79: Stored XSS
  • CWE-90: LDAP Injection
  • CWE-79: Reflected XSS
  • CWE-91: XML Injection
  • CWE-79: DOM-Based XSS
  • CWE-93: CRLF Injection
  • CWE-94: Code Injection
  • CWE-113: HTTP Response splitting
  • CWE-94: AJAX Injection
  • CWE-200: Information Exposure
  • CWE-94: JSON Injection
  • CWE-255: Credentials Management
  • CWE-97: SSI injection
  • CWE-284: Improper Access Control
  • CWE-98: Remote/Local PHP File Inclusion
  • CWE-287: Authentication Bypass
  • CWE-345: Insufficient Verification of Data Authenticity
  • CWE-352: Cross-site request forgery (CSRF)
  • CWE-384: Session Fixation
  • CWE-400: Resource Exhaustion
  • CWE-434: Arbitrary File Upload

Startup WAPT

Small Dynamic Websites

Presentational Websites

Audit a Small part of a Web App

Business Websites



Few Third-Party Plug-Ins

Red Teaming Exercises

WAPT Report in 3 business days

Languages required

Freelancer type required for this project

Project Completion deadline

4 March 2020