Penetration Tester - Angular & PHP Web Application

Penetration Tester Needed – Custom Angular & PHP Web Application

Budget: $1,000 – $1,500 (Fixed Price)

Location: Remote

About the Project

We are seeking an experienced penetration tester to perform a thorough security assessment of a custom-built web application developed with Angular (frontend) and PHP (backend). The objective is to identify vulnerabilities, evaluate risk levels, and provide clear, actionable remediation recommendations.

Scope of Testing

1. Web Application Security Testing

Identify common and advanced vulnerabilities (e.g., XSS, SQL injection, CSRF, IDOR)

Evaluate client-side Angular logic for potential security weaknesses

Assess file upload functionality, input validation, and data sanitisation

2. API Security Testing

Test REST API endpoints for improper exposure and injection flaws

Review rate limiting, input handling, and sensitive data leakage

Assess authentication mechanisms and token security

3. Authentication & Authorization

Test login systems for brute force and credential stuffing vulnerabilities

Evaluate session management and handling

Assess role-based access control (RBAC) and privilege escalation risks

Review password policies, MFA implementation, and session timeouts

4. Network & Infrastructure Testing

Identify server misconfigurations and unnecessary open ports

Review SSL/TLS configuration and certificate validity

Detect exposed services or administrative interfaces

Deliverables

The final report should include:

Executive Summary – High-level overview for non-technical stakeholders

Technical Findings – Detailed vulnerabilities with proof of concept (PoC)

Risk Ratings – Severity levels (Critical / High / Medium / Low / Informational)

Remediation Recommendations – Clear steps to resolve each issue

Retest Guidance – Instructions for validating fixes

Requirements

Proven experience in web application and infrastructure penetration testing

Strong understanding of Angular and PHP-based systems

Familiarity with OWASP Top 10 and security best practices

Proficiency with tools such as Burp Suite, Nmap, Metasploit, Nikto, or similar

Ability to provide sample reports or past project examples

Strong written English for clear documentation

Certifications such as CEH, OSCP, eWPT, or similar are a plus

NDA & Legal Requirements

The selected contractor must sign a Non-Disclosure Agreement (NDA) and a contractor agreement before gaining access. Testing outside the approved scope is strictly prohibited. All agreements will be managed through Upwork prior to project start.

How to Apply

Please include the following in your proposal:

Answers to the screening questions below

A brief summary of relevant experience

A sample (redacted) penetration testing report

Your estimated timeline for completion

Screening Questions

Please confirm the following:

Are you able to complete a full penetration testing audit within a budget of $1,000–$1,500?

What testing methodology do you use (black-box, grey-box, white-box), and what systems will be in scope?

Can you share examples of previous reports and verifiable client references?

What certifications or affiliations do you hold (e.g. CREST, OSCP)?

Are you willing to sign an NDA and a non-exploitation agreement covering all findings and access?

What level of access will you require (staging vs production), and how do you handle sensitive data during testing?

Do you provide a detailed remediation report, and do you offer retesting after fixes are implemented?

Can you outline your process for ensuring all access, accounts, and test artefacts are removed after the engagement?

Apply tot his job