
Completed
Posted:
Paid on delivery
I need a concise yet thorough Vulnerability Assessment & Penetration Testing report for the endpoint under *.[login to view URL]*. Heavy commercial scanners such as Acunetix or Nessus are off-limits, so the work must rely exclusively on open-source tooling—specifically OWASP ZAP, Nikto, and Nmap—supplemented by manual verification where appropriate.

Important - Will need a brief explanation of VAPT itself so a non-security stakeholder can understand the process and results.

Scope & focus

The assessment must cover the full spectrum of web-layer weaknesses: injection flaws, cross-site scripting, remote code execution vectors, misconfigurations, weak SSL/TLS settings, information disclosure, and any additional issues you discover during recon. Please treat “all possible vulnerabilities” as the baseline, not just the typical top ten.

Methodology

Document each step: reconnaissance, enumeration, vulnerability discovery, exploitation attempts, and validation. Explain why each tool was chosen, how it was configured (e.g., OWASP ZAP passive/active rules, Nikto switches, Nmap scripts), and the limitations inherent in a lightweight approach. I also need a brief explanation of VAPT itself so a non-security stakeholder can understand the process and results.

Deliverables

• A well-structured PDF (or DOCX) report that includes:
  – Executive summary and methodology
  – Tool configurations and command snippets
  – Detailed findings with evidence (screenshots, request/response captures, Nmap XML extracts)
  – Risk rating and CVSS score per issue
  – Practical remediation guidance
• Raw scan outputs (ZAP session, Nikto txt/html, Nmap XML) in a separate archive
• Short change-log if any retesting occurs

Acceptance criteria

The report must be reproducible, free of Acunetix/Nessus artefacts, and demonstrate that OWASP ZAP, Nikto, and Nmap were the only automated scanners used. All critical, high, and medium findings should include proof-of-concept details or clear rationale if exploitation is not possible.

The endpoint is ready for testing; let me know your estimated timeline for initial findings and final report delivery.
Project ID: 40035598
5 bids
Remote project
Last activity: 3 months ago

Hi, I believe I am the best for this work. I have more than 5 years of experience in web, API, mobile and network security testing. I can test your web application with the help of OWASP Top 10 guidelines like Broken Authentication, Injection, CSRF, XSS, Authorization etc. As you've mentioned to only use OWASP ZAP, Nikto and Nmap for scanning, I will use these as per your request. After testing I will provide you a detailed report with description, impact and mitigation with PoCs. Let's connect and I will answer all the queries you have regarding my experience and work.

Thanks,
Mohd Haris
₹1,200 INR in 2 days
5 freelancers are bidding an average of ₹7,250 INR for this project

Greetings of the day! I have gone through the shared description and it seems like you are looking for a pen-tester who can perform an assessment of the defined scope. I have been working with Big4 in the domain of Information Security. I have 10+ years of experience in the domain of Vulnerability Assessment & Penetration Testing. Below is a short description of my experience.

I have delivered multiple engagements in areas such as Application Security Assessment, Network Architecture Reviews, Vulnerability Assessment, Penetration Tests, Configuration Reviews, Mobile Application Security, Information Security Audits, GE Vendor Assessments, Cloud Security, Maturity Assessment, Phishing & Vishing Simulation, and Source Code Review. I have rendered these services to many global multinational organizations on both small one-time engagements and large-scale delivery projects. I have worked with clients across a range of industries, including Information Technology Services, Banking, Financial Services (NHB & NBFC), E-commerce, KPO, Automotive, and BPO.

I have all professional licensed tools to perform this engagement. The licensed tools are listed below:

• Burp Suite
• Acunetix
• Nessus
• HPE WebInspect
• Fortify

Kindly message me for a sample report. Hope to hear back from you :-)
₹2,500 INR in 7 days

Nagpur, India
Member since Jul 18, 2025