Penetration Tester - Angular & PHP Web Application

Penetration Tester Needed – Custom Angular & PHP Web Application Budget: $1,000 – $1,500 (Fixed Price) Location: Remote About the Project We are seeking an experienced penetration tester to perform a thorough security assessment of a custom-built web application developed with Angular (frontend) and PHP (backend). The objective is to identify vulnerabilities, evaluate risk levels, and provide clear, actionable remediation recommendations. Scope of Testing 1. Web Application Security Testing Identify common and advanced vulnerabilities (e.g., XSS, SQL injection, CSRF, IDOR) Evaluate client-side Angular logic for potential security weaknesses Assess file upload functionality, input validation, and data sanitisation 2. API Security Testing Test REST API endpoints for improper exposure and injection flaws Review rate limiting, input handling, and sensitive data leakage Assess authentication mechanisms and token security 3. Authentication & Authorization Test login systems for brute force and credential stuffing vulnerabilities Evaluate session management and handling Assess role-based access control (RBAC) and privilege escalation risks Review password policies, MFA implementation, and session timeouts 4. Network & Infrastructure Testing Identify server misconfigurations and unnecessary open ports Review SSL/TLS configuration and certificate validity Detect exposed services or administrative interfaces Deliverables The final report should include: Executive Summary – High-level overview for non-technical stakeholders Technical Findings – Detailed vulnerabilities with proof of concept (PoC) Risk Ratings – Severity levels (Critical / High / Medium / Low / Informational) Remediation Recommendations – Clear steps to resolve each issue Retest Guidance – Instructions for validating fixes

Requirements

Proven experience in web application and infrastructure penetration testing Strong understanding of Angular and PHP-based systems Familiarity with OWASP Top 10 and security best practices Proficiency with tools such as Burp Suite, Nmap, Metasploit, Nikto, or similar Ability to provide sample reports or past project examples Strong written English for clear documentation Certifications such as CEH, OSCP, eWPT, or similar are a plus NDA & Legal Requirements The selected contractor must sign a Non-Disclosure Agreement (NDA) and a contractor agreement before gaining access. Testing outside the approved scope is strictly prohibited. All agreements will be managed through Upwork prior to project start.

How to Apply

Please include the following in your proposal: Answers to the screening questions below A brief summary of relevant experience A sample (redacted) penetration testing report Your estimated timeline for completion Screening Questions Please confirm the following: Are you able to complete a full penetration testing audit within a budget of $1,000–$1,500? What testing methodology do you use (black-box, grey-box, white-box), and what systems will be in scope? Can you share examples of previous reports and verifiable client references? What certifications or affiliations do you hold (e.g. CREST, OSCP)? Are you willing to sign an NDA and a non-exploitation agreement covering all findings and access? What level of access will you require (staging vs production), and how do you handle sensitive data during testing? Do you provide a detailed remediation report, and do you offer retesting after fixes are implemented? Can you outline your process for ensuring all access, accounts, and test artefacts are removed after the engagement? Apply tot his job Apply To this Job