Penetration Testing of an eCommerce Platform for PCI Compliance

$300-600 USD

Closed
Posted almost 4 years ago

Paid on completion
Our company has developed an e-commerce platform, and we manage and maintain the platform on AWS servers on 1 IP address. Because the platform transmits credit card data, we need to successfully complete Penetration Testing to become PCI compliant.

Project Requirements:
1) Complete all of the steps that a PCI Qualified Security Assessor (QSA) would perform to penetration test a Level 2 Service Provider for PCI compliance.
2) Provide a report of vulnerabilities found from the penetration test.
3) Provide recommendations that can be implemented to correct all vulnerabilities so that a subsequent penetration test by a QSA will pass with no significant vulnerabilities found.
Project ID: 25745995

About the project

16 proposals
Remote project
Active 4 years ago

16 freelancers bid an average of $437 USD
Greetings of the day! Glad to see your offer. I have gone through the shared description and it seems like you are looking for a pen-tester who can perform an assessment of the defined scope. I have been working with Big4 in the domain of Information Security. I have 5+ years of experience in the domain of Vulnerability Assessment & Penetration Testing. I can test your in-scope applications and can deliver you a quality report for the same. Below is a small description of my experience. I have delivered multiple engagements in areas such as Application Security Assessment, Network Architecture reviews, Vulnerability Assessment, Penetration Tests, Configuration Reviews, Mobile Application Security, Information Security Audits, GE Vendor Assessments, Cloud Security, Maturity Assessment, Phishing & Vishing Simulation, and Source Code Review. I have rendered these services to many global multinational organizations on both small one-time engagements as well as large-scale delivery projects. I have worked with clients across a range of industries, including Information Technology Services, Banking, Financial services (NHB & NBFC), E-commerce, KPO, Automotive, and BPO. I have all professional licensed tools to perform this engagement. The list of licensed tools is given below: BurpSuite, Acunetix, Nessus, Fortify SCA, HPE Webinspect. I will also perform a source code review of your application. Earlier we have done multiple DSS engagement
$500 USD in 7 days
4.9 (19 reviews)
5.1

Hello! I am an Information security engineer by profession and have worked with QSAs as a third-party auditor for companies like yours. My responsibility was to provide penetration testing reports to my clients and work with them to fix any findings so the penetration test by a QSA will pass with no significant vulnerabilities.
$425 USD in 7 days
5.0 (10 reviews)
3.8

If you are interested in the security of your website, I can perform an audit for it. I work as a junior web penetration tester. VAPT is my field. I do use automatic tools but the manual penetration is the most important part. I usually do black box testing and some grey box testing but code review sounds great to me as well. At the end of the security audit I will present the report to you/your company and we can even set up a call if you want. The structure of the report will be discussed in private so I can better understand what you are interested in (vulnerability location, proof of concept, methods to fix it, impact, CVSS etc). Thank you and for more details feel free to contact me if you want to see how the report will look or other things.
$450 USD in 7 days
5.0 (8 reviews)
3.9

Have 7+ years of experience in both black box and white box testing penetration testing. Perform VAPT (Vulnerability and penetration testing) services like Web-Application penetration testing; System Application penetration testing; Mobile application penetration testing; Network application penetration testing; social engineering penetration testing etc. Conduct penetration testing in a systematic approach. Follow the standard methodology of the industry like OWASP Testing Guide v4 (OTGv4); SANS top 25; NIST SP 800-115; PCI DSS to perform penetration testing so that client can concentrate on their professions without worrying about security threats. Web Application Testing: Do web application penetration testing with the latest methodology like OWASP Top-10, SANS Top-25. Perform both manual and automated penetration testing for vulnerabilities like Injection flaws (such as SQL, NoSQL, OS, and LDAP injection etc), Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfiguration, Cross-site scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, Insufficient Logging & Monitoring. Also perform source code reviews for many technologies like Java, .NET, PHP etc. Approach for Manual Web-Application Penetration Testing: Conduct manual testing with following controls: Configuration and Deployment Management Testing, Identity Management Testing, Authentication Testing, Authorization Testing, S
$333 USD in 2 days
5.0 (8 reviews)
4.1

Dear Hiring Manager, I am a Redhat Certified Engineer. I have 8 years of experience as a Linux System Administrator. I possess good knowledge of mail servers like zimbra, sendmail, web servers like Apache, shell scripting, Virtualization like Citrix Xen server, kvm, vmware. I have also done Tally 6.3 Certification. Knowledge of installing and hosting PHP based applications. Knowledge of installation of SSL of Apache and Tomcat. I have knowledge of mysql and oracle database as well. Knowledge of security compliance rules DISA STIGs, PCI-DSS. Knowledge of devops tools like docker, vagrant, jenkins, github etc. Knowledge of Amazon AWS cloud services, windows 2003, 2008, 2012. I have completed the "AWS Solution architect - Associate" training program. Able to create VPC, public-private subnet, route table, Internet gateway, network acl, instance Migration, updation. I have deployed node.js application over SAAS based platform heroku and have done dockerization of node.js app. Cross compilation of source code over Linux for various OS and architecture. Installation of middleman over ubuntu 18.04. Worked on AWS lightsail service to increase the VM size. Tally ERP9 Implementation in SAAS based cloud to let the user access their account from any location. Installation and configuration of pfsense firewall. Thanks
$450 USD in 7 days
5.0 (1 review)
0.6

Hey! I am a skilled coder with skills including Web Security, Penetration Testing, Software Testing, Internet Security and Network Security. Please send a message to discuss more about this project. Thanks
$500 USD in 5 days
0.0 (0 reviews)
0.0

Fully qualified OSCP and CEH. 15+ years of penetration testing experience. Will provide a full report with mitigations on completion.
$450 USD in 7 days
0.0 (0 reviews)
0.0

I successfully reported vulnerabilities found to Google once.
$300 USD in 7 days
0.0 (0 reviews)
0.0

Hello, I read and understood your project details and am excited to get started with this project ASAP. I have qualified VAPT testers who can test your website and provide a report with suggestions. Please consider my bid and give me a chance to have a long term association with you. Thanks,
$556 USD in 5 days
0.0 (1 review)
0.0

I am leading a team of highly experienced and professional security researchers. We have multiple years of experience in network and associated protocol security; we can discuss more if we advance with the bid. Apart from network, my team has expertise in various computer security domains as below: Web Security; Compliance Based Testing - PCI DSS; Network Security - (Internal & External); Mobile App Security; Cloud Security; Thick Client Application Security; Reverse Engineering and Malware Analysis; Digital Forensics; Binary Analysis (Windows/Linux); Fuzzing. We can help you in ensuring a well protected and secured computer infrastructure
$450 USD in 7 days
0.0 (0 reviews)
0.0

I have worked on many penetration testing projects and made a professional report about the projects. I am also working on penetration testing projects on Fiverr. I have a team of qualified testers. I wish there were an attach file button on the bid so that I could show you the work, but if you contact me I will be able to satisfy you and exceed your expectations.
$300 USD in 4 days
0.0 (0 reviews)
0.0

Hi, I will provide you all your requirements fulfilled. I am a cyber security expert. I can do Penetration testing, secure code review, secure coding and developing, network auditing for you. I can run manual testing and tools based testing on your system. I can provide you one complimentary test free after fixing your bugs. Feel free to contact me too.
$333 USD in 5 days
0.0 (0 reviews)
0.0

Hi. I offer you a report with findings and recommendations on a Black Box Vulnerability Scan. Best regards, Marco Flores
$450 USD in 7 days
0.0 (0 reviews)
0.0

About the client

Tracys Landing, United States
5.0
120
Payment method verified
Member since Mar 25, 2014

Freelancer ® is a registered Trademark of Freelancer Technology Pty Limited (ACN 142 189 759)
Copyright © 2024 Freelancer Technology Pty Limited (ACN 142 189 759)