Professional Penetration Tester, Security Consultant Assessment of susceptibility to Cross Site Scripting, SQL Injection and Buffer Overflow Vulnerabilities inline with the OWASP framework. In line with a strict code of conduct, and the rules of engagement agreed upfront with yourself, I will simulate the actions of a malicious and determined hacker. Using a proven methodology I will asses your web app for the above vulnerabilities as well as those laid out in the OWASP top 10 2017. Fully knowledge of CWE top 25 most dangerous software errors on application's. Tools using -- NMAP, Burpsuite, Nessus, Wireshark, Acunetix,W3af, xsser, nmap,nikto,grabber,matalsploit attacks, website redirecting The output of this assessment will provide you with a peer review report highlighting the following; 1. Discovered Vulnerabilities 1. Open Source Analysis / Footprinting Conduct reconnaissance using open source information. Analysis of Google entries, relevant websites and available metadata in order to enumerate Usernames, Staff Email Addresses and company IP's which can be used to brute force usernames. 2. Scanning With the IP addresses gleaned from the Open Source Analysis I will then conduct an in-depth port scan of your network to figure out which ports and services are running. 4. Enumeration Using the port information gleaned above I will then attempt to glean more information about your network setup and hardware specification. 5. Vulnerability Assessment Using the port and service information I will then assess any vulnerabilities using open source channels ExploitDB, Metasploit and known underground forums. 6. Exploitation With prior agreement I can then exploit and vulnerabilities found to best demonstrate the effect and fall out of a potential attack. 7. Reporting The final report will be split into the above 1-6 sections, each with a complete analysis.