Web Application Penetration Test

Web Application Penetration Test (Budget-Conscious) Project Overview

We are looking for a practical, no-nonsense penetration test of a web-based application. The goal is to identify obvious and material security weaknesses and provide clear, actionable fixes, not to produce an academic or compliance-heavy report.

This is a small, well-defined engagement suitable for an experienced freelancer.

Scope of Testing

In scope:

Public-facing web application

, authentication, and authorisation flows

Application APIs

Input validation and data handling

Out of scope:

Denial of Service (DoS) testing

Social engineering or phishing

Physical security

Third-party platforms or services

Testing Approach

Grey-box testing (limited information provided)

Combination of automated tools and manual testing

Focus on OWASP Top 10 style vulnerabilities

Emphasis on realistic attack paths, not theoretical issues

Deliverables

A concise written report including:

Short executive summary

List of vulnerabilities found

Severity rating (Critical / High / Medium / Low)

Evidence (screenshots or request/response samples)

Clear remediation steps

Length expectation: 10–15 pages max (brevity preferred).

Optional:

Re-test after fixes (separately priced)

Constraints & Rules

Testing during agreed time window

No intentional data deletion or service disruption

Any critical issue to be reported immediately

Do not retain or share any data after completion

Pricing Guidance

To keep proposals aligned:

Expected effort: 1–3 days testing + 1 day reporting

Target budget range: £500

Please explain clearly if your proposal exceeds this range

We are not seeking enterprise compliance certification or formal audit sign-off — just solid security coverage at sensible cost.

Budget: GBP 500 (Fixed Price)

Proposals: 37 freelancers have applied