Dear Security Expert,
We have a website that we would like the sesurity checked of.
- The website administers a psychological test.
- It has SSL.
- It takes about 30 minutes to take the test, while the user is passing through about 100 pages.
- After the test is finished, the results are sent to another server, where they are interpreted, a report is generated.
-This report is placed for download in an administrative area with access only to the person who ordered the test.
We would like to have this website checked for any security risks:
1. Can someone enter the site and then hack it or let it crash?
2. Can someone follow the data somehow and get from the test administration server to the database and interpretation server where all the data are stored?
3. Can someone get to see data of other people who have done the test by hacking into our system?
4. Any other security risks you can think of.
You bid is for finding any security risks but also for a detailed advice about what to do about them. So not only telling us that it should be fixed, but also how precisely we can fix it.
In you bid (or on PMB) please state:
1. What risks you will test for.
2. How (roughly) you will test for these risks.
3. Your claim to fame as a security expert.
4. You country of residence.
BR
Jaap