Security Audit (Penetration Test) — Laravel 11 web app (pre-launch)
Budżet: -
HOURLY / PART_TIME
⭐ 0.00 (0)
Italy
penetration-testing, website-security, php, web-programming
Platform:
Subscription-based platform (Stripe, no P2P/wallet), built on a licensed Laravel script with custom features.
Stack: Laravel 11, PHP 8.3, MySQL
Payments: Stripe subscriptions only (Checkout + webhooks)
Key areas: KYC uploads, real-time chat with attachments, bids/quotes, project files, GDPR module
Internal hardening done (IDOR, rate limiting, CSRF, headers, file-access auth) — need independent external validation.
Scope:
OWASP Top 10
IDOR / broken access control across all roles
Auth & session (login, register, password reset, 2FA, rate limiting)
File upload (type validation, SVG/XSS, path traversal, direct-URL access)
Stripe (price tampering, webhook signature/idempotency)
GDPR / PII (data exposure, export/anonymization, logs)
Config & dependency vulnerabilities
Deliverable: report with findings by severity, PoC repro steps, remediation. Retest of critical/high included.
Environment: source code + test instance provided privately after NDA
planned for mid July
Otwórz na Upwork