Penetration Tester Needed – Custom Angular & PHP Web Application
Budget: $1,000 – $1,500 (Fixed Price)
Location: Remote
About the Project
We are seeking an experienced penetration tester to perform a thorough security assessment of a custom-built web application developed with Angular (frontend) and PHP (backend). The objective is to identify vulnerabilities, evaluate risk levels, and provide clear, actionable remediation recommendations.
Scope of Testing
1. Web Application Security Testing
Identify common and advanced vulnerabilities (e.g., XSS, SQL injection, CSRF, IDOR)
Evaluate client-side Angular logic for potential security weaknesses
Assess file upload functionality, input validation, and data sanitisation
2. API Security Testing
Test REST API endpoints for improper exposure and injection flaws
Review rate limiting, input handling, and sensitive data leakage
Assess authentication mechanisms and token security
3. Authentication & Authorization
Test login systems for brute force and credential stuffing vulnerabilities
Evaluate session management and handling
Assess role-based access control (RBAC) and privilege escalation risks
Review password policies, MFA implementation, and session timeouts
4. Network & Infrastructure Testing
Identify server misconfigurations and unnecessary open ports
Review SSL/TLS configuration and certificate validity
Detect exposed services or administrative interfaces
Deliverables
The final report should include:
Executive Summary – High-level overview for non-technical stakeholders
Technical Findings – Detailed vulnerabilities with proof of concept (PoC)
Risk Ratings – Severity levels (Critical / High / Medium / Low / Informational)
Remediation Recommendations – Clear steps to resolve each issue
Retest Guidance – Instructions for validating fixes
Requirements
Proven experience in web application and infrastructure penetration testing
Strong understanding of Angular and PHP-based systems
Familiarity with OWASP Top 10 and security best practices
Proficiency with tools such as Burp Suite, Nmap, Metasploit, Nikto, or similar
Ability to provide sample reports or past project examples
Strong written English for clear documentation
Certifications such as CEH, OSCP, eWPT, or similar are a plus
NDA & Legal Requirements
The selected contractor must sign a Non-Disclosure Agreement (NDA) and a contractor agreement before gaining access. Testing outside the approved scope is strictly prohibited. All agreements will be managed through Upwork prior to project start.
How to Apply
Please include the following in your proposal:
Answers to the screening questions below
A brief summary of relevant experience
A sample (redacted) penetration testing report
Your estimated timeline for completion
Screening Questions
Please confirm the following:
Are you able to complete a full penetration testing audit within a budget of $1,000–$1,500?
What testing methodology do you use (black-box, grey-box, white-box), and what systems will be in scope?
Can you share examples of previous reports and verifiable client references?
What certifications or affiliations do you hold (e.g. CREST, OSCP)?
Are you willing to sign an NDA and a non-exploitation agreement covering all findings and access?
What level of access will you require (staging vs production), and how do you handle sensitive data during testing?
Do you provide a detailed remediation report, and do you offer retesting after fixes are implemented?
Can you outline your process for ensuring all access, accounts, and test artefacts are removed after the engagement?