Penetration Tester - Angular & PHP Web Application

Remote Full-time
Penetration Tester Needed – Custom Angular & PHP Web Application

Budget: $1,000 – $1,500 (Fixed Price)

Location: Remote

About the Project

We are seeking an experienced penetration tester to perform a thorough security assessment of a custom-built web application developed with Angular (frontend) and PHP (backend). The objective is to identify vulnerabilities, evaluate risk levels, and provide clear, actionable remediation recommendations.

Scope of Testing

1. Web Application Security Testing

Identify common and advanced vulnerabilities (e.g., XSS, SQL injection, CSRF, IDOR)

Evaluate client-side Angular logic for potential security weaknesses

Assess file upload functionality, input validation, and data sanitisation

2. API Security Testing

Test REST API endpoints for improper exposure and injection flaws

Review rate limiting, input handling, and sensitive data leakage

Assess authentication mechanisms and token security

3. Authentication & Authorization

Test login systems for brute force and credential stuffing vulnerabilities

Evaluate session management and handling

Assess role-based access control (RBAC) and privilege escalation risks

Review password policies, MFA implementation, and session timeouts

4. Network & Infrastructure Testing

Identify server misconfigurations and unnecessary open ports

Review SSL/TLS configuration and certificate validity

Detect exposed services or administrative interfaces

Deliverables

The final report should include:

Executive Summary – High-level overview for non-technical stakeholders

Technical Findings – Detailed vulnerabilities with proof of concept (PoC)

Risk Ratings – Severity levels (Critical / High / Medium / Low / Informational)

Remediation Recommendations – Clear steps to resolve each issue

Retest Guidance – Instructions for validating fixes

Requirements

Proven experience in web application and infrastructure penetration testing

Strong understanding of Angular and PHP-based systems

Familiarity with OWASP Top 10 and security best practices

Proficiency with tools such as Burp Suite, Nmap, Metasploit, Nikto, or similar

Ability to provide sample reports or past project examples

Strong written English for clear documentation

Certifications such as CEH, OSCP, eWPT, or similar are a plus

NDA & Legal Requirements

The selected contractor must sign a Non-Disclosure Agreement (NDA) and a contractor agreement before gaining access. Testing outside the approved scope is strictly prohibited. All agreements will be managed through Upwork prior to project start.

How to Apply

Please include the following in your proposal:

Answers to the screening questions below

A brief summary of relevant experience

A sample (redacted) penetration testing report

Your estimated timeline for completion

Screening Questions

Please confirm the following:

Are you able to complete a full penetration testing audit within a budget of $1,000–$1,500?

What testing methodology do you use (black-box, grey-box, white-box), and what systems will be in scope?

Can you share examples of previous reports and verifiable client references?

What certifications or affiliations do you hold (e.g. CREST, OSCP)?

Are you willing to sign an NDA and a non-exploitation agreement covering all findings and access?

What level of access will you require (staging vs production), and how do you handle sensitive data during testing?

Do you provide a detailed remediation report, and do you offer retesting after fixes are implemented?

Can you outline your process for ensuring all access, accounts, and test artefacts are removed after the engagement?
