• Projects 42
  • Rating 4.8
  • Rating 4 332

Budget: 8000 UAH Deadline: 2 days

Hello, I possess all the necessary competencies, both technical and economic. I will be happy to help as quickly as possible.

  • Projects 39
  • Rating 4.8
  • Rating 1 855

Budget: 8000 UAH Deadline: 5 days

Good day. It's quite an interesting task, and I will gladly complete it.

  • Projects -
  • Rating -
  • Rating 229

Budget: 8000 UAH Deadline: 1 day

Greetings! The categories specified in the order are not quite correct (classic QA or data engineer won't help here); you need a pure Application Security / Pentest specialist. Automated scanners like Omni-Scanner are good for finding forgotten software versions or default configs, but they are completely blind when it comes to application logic and custom WAF rules. My main specialization is indeed manual analysis and logical vulnerabilities:
Business Logic Flaws: I look for vulnerabilities in the logic of the shopping cart, payment systems, ID substitution (IDOR), bypassing restrictions (Rate Limit / Captcha), and Race Conditions, which automation physically cannot simulate.
Vulnerability Chaining: I don't just fix low bugs; I chain them together. For example, from a harmless Self-XSS through CSRF or header substitution, I can escalate to a full account takeover (Account Takeover) or SSRF/RCE.
Bypassing protective mechanisms: I have experience analyzing WAF logic (both cloud and custom modules), searching for "gray areas" in request parsing (HTTP Request Smuggling, SQLi through filters, bypassing authorization through headers like X-Forwarded-For).
I have studied the document linked. I am ready to conduct a quality black-box/gray-box audit, check the findings from your scanner, and provide a detailed report (RTF) on the classification of OWASP Top 10 with a detailed description of PoC (Proof of Concept) and remediation recommendations.
I am willing to consider a budget of 8000 UAH as a starting point for assessing the critical scope. I suggest we chat privately to discuss the architecture of the web application (stack, presence of API) and define the exact project scope.
Looking forward to your response!

  • Projects -
  • Rating -
  • Rating 310

Budget: 8000 UAH Deadline: 5 days

Hello!

I have experience in manual QA and testing complex logic of web applications.
I will focus on:
- finding vulnerabilities in business logic
- non-standard scenarios and bypassing restrictions
- building chains of vulnerabilities
- checking authorization, access rights, and data validation
Deliverables:
- a structured report with vulnerabilities (description, reproduction steps, impact)

  • Projects 67
  • Rating 5.0
  • Rating 12 773

Budget: 8000 UAH Deadline: 5 days

Hello! I will perform a manual analysis. I will complete your task quickly and efficiently.

My latest works
https://florist-map.vercel.app
https://indexfast.pp.ua
https://monitortest.pp.ua
https://mamamia.pp.ua

My portfolio: https://freelancehunt.com/ua/freelancer/romas6ka.html#portfolio
Feel free to write, I will start working today. I look forward to collaborating with you!

  • Projects -
  • Rating -
  • Rating 196

Budget: 27000 UAH Deadline: 7 days

We already have a nearly ready process for manual auditing of web applications and infrastructure, which can be quickly adapted to your goals and started within the marketplace. I'm available to discuss.))
Regarding the budget - 8000 UAH seems sufficient only for a short initial manual check of 1-2 points, while a deep L2/L3 audit based on your document I would estimate starting from 35000 UAH for 7 days.
Look, there’s a nuance - before any checks, written permissions for testing are needed, along with a list of domains or IPs, load limits, and prohibited actions; otherwise, we might accidentally create not an audit, but an adventure for lawyers.
I would simplify it - first, we check reconnaissance, business logic, sessions, roles, CMS, and critical scanner hooks, then we provide a report with risks, reproduction, and priorities for fixes.
> Please clarify how many goals are included in the first stage and if there is a separate test environment.
> Is it necessary to only find vulnerabilities or also to check fixes after improvements?
> https://business.ingello.com/platforma - similar experience with corporate roles, processes, and access rights.
> https://business.ingello.com/lita - a project with sensitive data and strict access scenarios.
> https://systems-fl.ingello.com - who we are and what system projects we do.
If we agree on the boundaries, we can carefully start the work - quietly, without unnecessary heroics, but with a normal engineering mindset.))

  • Projects 43
  • Rating 4.6
  • Rating 4 938

Budget: 8000 UAH Deadline: 3 days

Good day! I am ready to conduct a thorough manual security audit of the web application and infrastructure. Using intuition and unconventional approaches, I will identify vulnerabilities in business logic and exploit chains that are not accessible to automated scanners. Experience working with WAF, Captcha, complex application logic, and advanced testing techniques. Contact me to discuss the details.

Proposals concealed

The list does not show proposals concealed by the client or freelancer with a Plus profile, as well as proposals violating rules

Current freelance projects in the category Databases & SQL

12:45
16 July
16 July
16 July