← Zákazky

Security Audit (Penetration Test) — Laravel 11 web app (pre-launch)

Rozpočet: - HOURLY / PART_TIME ⭐ 0.00 (0) Italy

penetration-testing, website-security, php, web-programming

Platform: Subscription-based platform (Stripe, no P2P/wallet), built on a licensed Laravel script with custom features. Stack: Laravel 11, PHP 8.3, MySQL Payments: Stripe subscriptions only (Checkout + webhooks) Key areas: KYC uploads, real-time chat with attachments, bids/quotes, project files, GDPR module Internal hardening done (IDOR, rate limiting, CSRF, headers, file-access auth) — need independent external validation. Scope: OWASP Top 10 IDOR / broken access control across all roles Auth & session (login, register, password reset, 2FA, rate limiting) File upload (type validation, SVG/XSS, path traversal, direct-URL access) Stripe (price tampering, webhook signature/idempotency) GDPR / PII (data exposure, export/anonymization, logs) Config & dependency vulnerabilities Deliverable: report with findings by severity, PoC repro steps, remediation. Retest of critical/high included. Environment: source code + test instance provided privately after NDA planned for mid July
Otvoriť na Upwork