Programming & Development information security

Penetration Testing (Black + White box)

$10/hr Starting at $50

About me:

I'm an ethical hacker and a security consultant with a vast amount of experience in securing applications and infrastructure for large organizations. I am capable of identifying and fixing the OWASP Top 10, SANS/CWE 25, and all other frequently exploited vulnerabilities. I am proficient in conducting automatic and manual security testing using tools like Burp Suite, Metasploit, and Nessus. Please refer to my profile to get the complete list of skills. 

Plan:

Phase 1: Penetration Testing 

1. DAST Assessment (Black box testing with no knowledge of code)

  • Analysis using Burp Suite Professional and OWASP ZAP for web applications. 
  • Manual testing in accordance with WSTG 4.2 and MSTG standards. 
  • OWASP Top 10 check
  • Network and services scan through port scanners like Nmap and Masscan.
  • Utilize other Kali Linux tools like Metasploit, Sqlmap, and Xsser as required. 


2. SAST Assessment (White box testing with full knowledge of code): 

  • Code scan and analysis using CodeQL, SonarQube, Fortify, VCP, etc.
  • CWE 25 check 
  • Manual analysis based on the OWASP code review guide


Phase 2: Remediation 

3. Compiled Report: 

  • Vulnerabilities discovered
  • The impact and severity of vulnerabilities
  • Evidence of bugs
  • Recommendations 


4. Remediation 

  • Remediation of vulnerabilities identified
  • Implementing security checks for the future
  • Re-verification of reported vulnerabilities


Pen-testing Methodology

I usually follow OWASP (Open Web Application Security Project) testing guidelines for penetration testing, as they are well documented and convenient to explain to clients. But I am flexible to work with other methodologies as required.




About

$10/hr Ongoing

Skills & Expertise

Data Security, Ethical Hacking, Malware Removal, Mobile Security, Penetration Testing, Security Consulting, Security Testing

0 Reviews

This Freelancer has not received any feedback.