INTL
Freelancer
전문가
외주
원격 가능
Comprehensive Penetration Test & Audit
예산
$30~$250 USD
예상 기간
1~3개월
난이도
전문가
기술 스택
Penetration Testing
Security Audit
Web Security
Network Security
Mobile Security
OSINT
Social Engineering
Risk Assessment
Vulnerability Assessment
Burp Suite
Nmap
Metasploit
Wireshark
Nessus
Kali Linux
OWASP Top 10
SANS Top 25
Linux
Reporting
CVSS
AI 분석 요약
웹 애플리케이션, 네트워크 인프라, 데스크톱, 모바일 기기 및 소셜 미디어 프로필을 아우르는 광범위한 범위에 대한 종합적인 모의 침투 테스트 및 보안 감사 프로젝트입니다. 기술적 취약점과 정책적 허점을 모두 발견하고, 상세한 보고서 및 개선 로드맵을 제공할 수 있는 고도로 숙련된 모의 침투 및 보안 감사 전문가가 필요합니다.
프로젝트 원문 설명
Across my web applications, internal network infrastructure, desktop endpoints, company phones, and public social-media profiles, I need a full-scope security examination. The engagement must blend hands-on penetration testing with a structured security audit so that both technical weaknesses and policy gaps are captured in one clear deliverable.
Scope
• External and internal testing of web apps, network segments, desktops, mobile devices, and social-media assets
• Manual and automated discovery using industry-standard tools such as Burp Suite, Nmap, Metasploit, Wireshark, Nessus, Kali Linux, and OSINT/social-engineering toolkits
• Coverage of OWASP Top 10, SANS Top 25, common mobile attack vectors, and configuration hardening checks
Deliverables
• Comprehensive report linking every finding to CVSS, complete with screenshots, logs, and proof-of-concept exploits
• Executive summary for non-technical leadership and a prioritised remediation roadmap
• Post-test debrief (virtual) to walk through each issue and verify live exploitation where safe
• All artifacts supplied in both PDF and editable formats within the agreed timeline
Acceptance Criteria
• No critical or high finding may be a false positive
• Reproduction steps for each vulnerability must be provided and demonstrated during the debrief
• Testing must stay within the authorised scope and avoid service disruption
A mutual NDA and Rules of Engagement will be signed before work begins, and all data collected remains confidential. Let’s schedule the test window—after-hours or weekend slots are fine—to ensure minimal impact on daily operations and maximum visibility into our true security posture.
Scope
• External and internal testing of web apps, network segments, desktops, mobile devices, and social-media assets
• Manual and automated discovery using industry-standard tools such as Burp Suite, Nmap, Metasploit, Wireshark, Nessus, Kali Linux, and OSINT/social-engineering toolkits
• Coverage of OWASP Top 10, SANS Top 25, common mobile attack vectors, and configuration hardening checks
Deliverables
• Comprehensive report linking every finding to CVSS, complete with screenshots, logs, and proof-of-concept exploits
• Executive summary for non-technical leadership and a prioritised remediation roadmap
• Post-test debrief (virtual) to walk through each issue and verify live exploitation where safe
• All artifacts supplied in both PDF and editable formats within the agreed timeline
Acceptance Criteria
• No critical or high finding may be a false positive
• Reproduction steps for each vulnerability must be provided and demonstrated during the debrief
• Testing must stay within the authorised scope and avoid service disruption
A mutual NDA and Rules of Engagement will be signed before work begins, and all data collected remains confidential. Let’s schedule the test window—after-hours or weekend slots are fine—to ensure minimal impact on daily operations and maximum visibility into our true security posture.
Freelancer에서 원본 확인
원본 보기