    1,847 xss jobs found

    I’m ready to bring in a security specialist to run a thorough, manual penetration test on my live e-commerce application. Automated scanners aren’t enough for this engagement—I need human-driven testing that uncovers real-world attack paths. Here’s what I’m looking for: • A full manual assessment covering all SQL Injection, Cross-site Scripting (XSS) and Cross-site Request Forgery (CSRF), Web Application Penetration Testing, Network Penetration Testing Services External or Internal, Web Services Testing, API Testing • Exploitation-level proof of concept for every confirmed issue, with clear, reproducible steps. • A concise risk-ranked report that separates critical, high, medium and low findings, followed by practical remediation advi...

    $119 Average bid
    19 bids

    ...Sixth: Security & Data: : Full compliance with the Personal Data Protection Law (PDPL) in Saudi Arabia and National Cybersecurity Authority (NCA) standards. : Encryption of all sensitive data (customer info, addresses, payments) using advanced protocols (e.g., AES-256) and securing connections via SSL/TLS. Security: Securing endpoints against attacks (SQL Injection, XSS) and using Two-Factor Authentication (JWT). Residency: Commitment to local data storage within Saudi Arabia as per regulatory requirements. Testing: Delivery of a report proving the system is free of security vulnerabilities, with Audit Logs for all sensitive operations. Support: Commitment to technical support and bug fixes for a period to be agreed upon. :

    $2269 Average bid
    181 bids

    ...encryption of a web application. Testing will focus on identifying potential security risks and providing recommendations for remediation. Scope of Work: • Audit the Authentication/Authorization flow (JWT/Laravel Sanctum). • Test for IDOR and Broken Access Control between user accounts. • Audit API security (integrations with AI and Property Data providers). • Check for OWASP Top 10 vulnerabilities (XSS, SQLi, CSRF). • Check for Insecure Webhooks and Hardcoded Secrets Requirements: • Proven experience with Laravel security. A sample report of a penetration test which you have conducted recently would be preferable. • What are the certifications held by your company for penetration testing? • Ability to provide a detailed report with ...

    $323 Average bid
    214 bids

    I need a lightweight, web-based application that lets me assign tasks to each team member (one or more for a single task) and follow ... Hosting in cloud. 4. A short video or screenshare walk-through confirming every feature works. Acceptance criteria • I can add, edit, assign, and close tasks without page reload errors. • Login and logout flows are secure and session-based. • Dashboard updates reflect the latest status without manual refresh. • Code passes a quick vulnerability scan for common issues (SQL injection, XSS). If you already have a boilerplate you can adapt quickly, great—tell me. Otherwise, outline your proposed stack, timeline, and any questions you still have so we can get started. We are based in New Delhi. Local Developers pr...

    $100 Average bid
    28 bids

    ...plugins or bloated builders Styling & Frontend Use SASS/SCSS for CSS development Deliver compiled and minified CSS & JavaScript Fully responsive and cross-browser compatible Performance Optimization Optimized page load speed Minified assets and optimized images Clean database queries Core Web Vitals–friendly setup Security WordPress security best practices Protection against common vulnerabilities (XSS, SQL injection, brute force) Secure configuration and file permissions SEO SEO-friendly HTML structure Clean URLs and proper heading hierarchy Schema-ready and performance-optimized for search engines Required Skills Strong experience with WordPress custom theme development Proven experience with ACF Experience with UnderStrap or Bootstrap-based themes PHP, HTML5...

    $487 Average bid
    311 bids

    ...Sixth: Security & Data: : Full compliance with the Personal Data Protection Law (PDPL) in Saudi Arabia and National Cybersecurity Authority (NCA) standards. : Encryption of all sensitive data (customer info, addresses, payments) using advanced protocols (e.g., AES-256) and securing connections via SSL/TLS. Security: Securing endpoints against attacks (SQL Injection, XSS) and using Two-Factor Authentication (JWT). Residency: Commitment to local data storage within Saudi Arabia as per regulatory requirements. Testing: Delivery of a report proving the system is free of security vulnerabilities, with Audit Logs for all sensitive operations. Support: Commitment to technical support and bug fixes for a period to be agreed upon. :

    $2304 Average bid
    235 bids

    ...entry via virtual keyboard for at least two high-risk actions (password reset, resume download, account deletion). • Secure Logging and Audit – Log all critical actions (authentication, job posting changes, application status updates, admin moderation). – Logs must be tamper-evident using hash chaining or a private blockchain. • Defenses Against Attacks – Protection against SQL injection, XSS, CSRF, session fixation, and session hijacking. Data Storage Compliance – Passwords must be hashed and salted (bcrypt or Argon2). – Plaintext passwords must never be stored. – Sensitive documents must be encrypted with strict access control. • Scalability and Simultaneous Access – The system must support multiple concurrent...

    $9 / hr Average bid
    47 bids

    ...entry via virtual keyboard for at least two high-risk actions (password reset, resume download, account deletion). • Secure Logging and Audit – Log all critical actions (authentication, job posting changes, application status updates, admin moderation). – Logs must be tamper-evident using hash chaining or a private blockchain. • Defenses Against Attacks – Protection against SQL injection, XSS, CSRF, session fixation, and session hijacking. Data Storage Compliance – Passwords must be hashed and salted (bcrypt or Argon2). – Plaintext passwords must never be stored. – Sensitive documents must be encrypted with strict access control. • Scalability and Simultaneous Access – The system must support multiple concurrent...

    $326 Average bid
    27 bids

    ...entry via virtual keyboard for at least two high-risk actions (password reset, resume download, account deletion). • Secure Logging and Audit – Log all critical actions (authentication, job posting changes, application status updates, admin moderation). – Logs must be tamper-evident using hash chaining or a private blockchain. • Defenses Against Attacks – Protection against SQL injection, XSS, CSRF, session fixation, and session hijacking. Data Storage Compliance – Passwords must be hashed and salted (bcrypt or Argon2). – Plaintext passwords must never be stored. – Sensitive documents must be encrypted with strict access control. • Scalability and Simultaneous Access – The system must support multiple concurrent...

    $446 Average bid
    25 bids

    ...movie reviews and ratings • Admin can moderate or remove inappropriate reviews • Super Admin can manage admin accounts and enforce password rotation policies • Audit logs for all actions (logins, review submissions, deletions, role changes) • Notification system for suspicious login attempts Security Requirements (VERY IMPORTANT): • Protection against OWASP Top 10 vulnerabilities (SQL Injection, XSS, CSRF, SSRF, etc.) • Secure session management (HTTPOnly cookies, Secure flags, session timeout) • Password hashing using bcrypt/Argon2 with salting • TLS/SSL enforced for all communications • Input validation and output encoding on all forms • Encrypted data storage for sensitive information using AES • Tamper-evident logging a...

    $152 Average bid
    69 bids

    I need a security-minded developer to comb through the codebase of my web application, which mixes legacy PHP with a newer Python/Django API layer. A recent scan showed traces of hidden backdoors and the classic trio of injection issues—SQLi, XSS, and CSRF. Your first task is to locate and eradicate every backdoor, then patch the vulnerable entry points in both stacks without breaking existing features. Once the code is clean, I want the application redeployed to a fresh server image (Ubuntu-based) using best-practice hardening. After deployment, run functional and security regression tests so I can see proof that the patches hold under load and normal usage. Deliverables I must receive: • Sanitised source code with clear commit history • Brief report detailing e...

    $27 Average bid
    24 bids

    ...and feature coding. First, I’d like you to perform a complete security audit: comb through every file, look for webshells or obfuscated code, review server logs, and check the configuration for common OWASP issues. Any backdoors you locate should be removed, and the vulnerable code that allowed them must be refactored. Next comes vulnerability patching. Parameterize raw SQL queries, neutralize XSS vectors, tighten CSRF protection, and update any outdated libraries—all while keeping everything framework-free and compatible with PHP 8.2 and MySQL 8. Once the codebase is clean, we’ll move on to secondary development. I have a short list of new modules and tweaks that build on existing functionality; you’ll receive detailed specs as soon as the system is de...

    $512 Average bid
    89 bids

    We are looking for an experienced Security Engineer / Penetration Tester to perform a pre-production security assessment of a web application. Tech stack Backend: Node.js (Express) Frontend: React Scope Black-box penetration testing against the live application Identification of OWASP Top 10 issues (XSS, SQLi, CSRF, IDOR, auth/session flaws) Authorization & RBAC testing (horizontal / vertical privilege escalation) Dependency security review based on provided files Review of security headers, cookies, and error handling Access Provided Application URL(s) Test user accounts (frontend & backend) Deliverables Security report with findings ranked by severity Clear remediation recommendations Re-test after fixes Requirements Proven experience securing Node.js and

    $194 Average bid
    115 bids

    ...leaning toward Django because of its mature ecosystem and built-in security features, and I’d like the data persisted in a SQL database. Core features I must see working end-to-end: • Secure user registration, login, and role-based access • RESTful or GraphQL APIs that expose the app’s business logic • Thoughtful UI/UX that adapts smoothly to mobile and desktop • Solid security practices: CSRF, XSS, input validation, password hashing, HTTPS readiness • Performance-minded architecture that can scale without major rewrites Deliverables • React source with reusable components, hooks, and routing • Django project with modular apps, tests, and documented APIs • SQL schema migrations and seed data scripts • Deploy...

    $20 / hr Average bid
    125 bids

    ...similar—so future updates are painless. Acceptance criteria 1. User and driver apps install from the supplied APKs and pass through login, trip creation, tracking, and completion without crashes. 2. The admin dashboard reflects new and updated trips in real time. 3. All endpoints return the correct HTTP status codes, follow JSON standards, and are secured against common exploits (SQL injection, XSS, etc.). 4. Postman collection and a short read-me fully explain setup and usage. If you have solid experience juggling PHP, Kotlin, MySQL, and RESTful best practices, this should be a straightforward integration job with a quick turnaround....

    $509 Average bid
    155 bids

    ...assigned tasks and modules Required Skills & Qualifications Strong proficiency in PHP with CodeIgniter (CI 3 / CI 4) Good knowledge of HTML, CSS, JavaScript, jQuery, AJAX Hands-on experience with MySQL / MariaDB Understanding of MVC architecture Experience with REST APIs (development & integration) Familiarity with Linux server environments Knowledge of basic security practices (SQL injection, XSS, CSRF) Experience with Git version control Ability to work independently in an onsite team environment Good to Have (Preferred Skills) Experience with Laravel (added advantage) Knowledge of React / Angular / Vue (basic understanding) Experience in eCommerce, ERP, CRM, or Government projects Exposure to AWS / Cloud hosting Understanding of performance optimization...

    $78 Average bid
    9 bids

    ...assigned tasks and modules Required Skills & Qualifications Strong proficiency in PHP with CodeIgniter (CI 3 / CI 4) Good knowledge of HTML, CSS, JavaScript, jQuery, AJAX Hands-on experience with MySQL / MariaDB Understanding of MVC architecture Experience with REST APIs (development & integration) Familiarity with Linux server environments Knowledge of basic security practices (SQL injection, XSS, CSRF) Experience with Git version control Ability to work independently in an onsite team environment Good to Have (Preferred Skills) Experience with Laravel (added advantage) Knowledge of React / Angular / Vue (basic understanding) Experience in eCommerce, ERP, CRM, or Government projects Exposure to AWS / Cloud hosting Understanding of performance optimization...

    $302 Average bid
    7 bids

    ...users: • Register and log in securely • Create profiles, uploads, and interactions (comments & “likes”) • Receive real-time notifications The interface must be responsive so that it is comfortable on desktop as well as mobile browsers. Any tech stack is welcome (React, Vue, , Node.js, Laravel, Django, and the like) as long as it is stable, easy to scale, and accompanied by the reasons for choosing it. Security (auth, encryption, XSS/CSRF protection) and performance are priorities. Deliverables: • Complete source code in a version-control repository • Database schema & migration scripts • Build ready to deploy on a Linux server • Documentation for installation, configuration, and a brief usage guide Include a portfolio of similar projects and an estimated completion time. I ...

    $477 Average bid
    33 bids

    ...4s; CLS < 0.1; TTI < 5s; Page size < 1MB gzipped Optimization: Code-splitting by route, lazy loading, image optimization, tree-shaking, minification/compression, service worker caching, CDN 9. SECURITY REQUIREMENTS Auth: JWT Bearer, HttpOnly cookie storage, refresh, auto-logout on expiry Authorization: RBAC, permission checks, route guards, API interceptors Data Protection: HTTPS/TLS1.2+, CSRF, XSS prevention, input/output validation, CSP/secure headers Compliance: Audit logging, activity tracking, user action and auth-failure logs 10. DELIVERABLES BY PHASE Phase 1 (Weeks 1-3): Blazor setup (Web+MAUI), UI component library, layout/nav, auth pages, API service layer, state mgmt, responsive framework, CSS setup Phase 2 (Weeks 4-8): Dashboard, Requests (list/detail/create...

    $2326 Average bid
    158 bids

    ...Technical Specifications & Security • UI/UX: Modern, clean aesthetic using Tailwind CSS. Focus on fast load times and "glassmorphism" elements. • SEO & Speed: Implement Server-Side Rendering (SSR), schema markup for courses, and optimized image delivery. • Security: Enforce SSL throughout. All user data, especially wallet transactions and passwords, must be encrypted (Bcrypt/AES-256). Implement CSRF and XSS protection. 6. Admin Dashboard/User dashboard • Management panel to upload videos, track revenue, manage user wallets, and monitor referral payouts. 7. - Framework: 14+ (React-based) - Language: TypeScript - Styling: Tailwind CSS + shadcn/ui - State Management: Zustand or Redux Toolkit - Animations: Framer Motion - Charts/Analytics: Rechar...

    $204 Average bid
    8 bids

    I already run a marketplace powered by the PhpProBid script and now I want a dedicated front end that lets buyers manage auctions smoothly on every major platform. The core is auction management: browsing listings, tracking favourites, setting prox...short video walk-through showing the app connected to a staging server. Acceptance criteria • A buyer can register/login, browse categories, view an item, place a bid and receive confirmation—all without page refreshes. • When a higher offer is placed from another client, push notification appears on the test device within 5 seconds. • Code passes basic security review (no SQL injection or XSS vectors). If you have proven experience with PhpProBid integrations or live auction apps, let’s talk timelines...

    $629 Average bid
    152 bids

    My website needs a thorough security health-check. I want an ethical hacker to attempt real-world attacks, document every weakness, and explain how to close the gaps. Standard black-box and grey-box techniques are welcome, and I expect coverage of common web threats—SQL Injection, XSS, broken authentication, misconfigured headers, insecure direct object references, and anything else you uncover. Please probe the live production instance (no staging mirror is available), but keep service disruption to an absolute minimum and notify me immediately if you hit a critical point where downtime is possible. Burp Suite, OWASP ZAP, SQLMap, Nikto, Nmap, or your preferred toolset are all fine as long as your methodology aligns with OWASP Top 10 and produces reproducible results. Delive...

    $316 Average bid
    20 bids

    ...to identify security vulnerabilities, assess potential attack vectors, and receive clear technical recommendations to improve the overall security posture of the platform. This is a legitimate, authorized security assessment. Written permission will be provided if required. Scope: Reconnaissance and information gathering Web application vulnerability testing (OWASP Top 10) SQL Injection, XSS, authentication and session issues Brute force and rate-limiting tests (non-destructive) Input validation and form sanitization Controlled exploitation (no service disruption) Social engineering, phishing, and physical access are out of scope unless agreed in advance. Deliverables: Clear pentest report List of vulnerabilities with risk levels Proof of concept (when applica...

    $533 Average bid
    Non-Disclosure Agreement
    7 bids

    I am building a feature-rich auction site on SQL Server with a clean MVC architecture and need a developer who can deliver a fast, secure, mobile-responsive exper...server, SQL Server for persistence, clean REST endpoints for future mobile apps, and responsive front-end templates that adapt flawlessly to phones, tablets, and desktops. Acceptance criteria 1. All three portals load under two seconds on 4G. 2. A fresh listing can pass from Seller → Buyer auction → Admin payout without any manual database tweaks. 3. Security tests show no SQL injection, XSS, or auth bypass vulnerabilities. 4. Codebase is handed over in a well-documented repo with build instructions. If you have delivered similar high-traffic auction or marketplace systems, let’s discuss your ap...

    $287 Average bid
    31 bids

    ...backend with API-driven microservices architecture Integrate video streaming (Cloudflare Stream, Mux, or AWS IVS) Implement AI features: intelligent search, content recommendation, AI assistant, summarization Ensure multi-language support (Arabic & English) Create a flexible admin dashboard for content and user management Optimize performance and Core Web Vitals Maintain security best practices (XSS, CSRF, SQL Injection prevention) Optional / Bonus: Experience with Low-Code tools (FlutterFlow, ) for rapid feature testing is welcome, provided the platform remains custom, scalable, and AI-integrated. Requirements: Proven experience in + React for production platforms Strong backend development skills (Node.js / NestJS / Laravel) Experience integrating AI APIs / LLM...

    $17 / hr Average bid
    202 bids

    ...backend with API-driven microservices architecture Integrate video streaming (Cloudflare Stream, Mux, or AWS IVS) Implement AI features: intelligent search, content recommendation, AI assistant, summarization Ensure multi-language support (Arabic & English) Create a flexible admin dashboard for content and user management Optimize performance and Core Web Vitals Maintain security best practices (XSS, CSRF, SQL Injection prevention) Optional / Bonus: Experience with Low-Code tools (FlutterFlow, ) for rapid feature testing is welcome, provided the platform remains custom, scalable, and AI-integrated. Requirements: Proven experience in + React for production platforms Strong backend development skills (Node.js / NestJS / Laravel) Experience integrating AI APIs / LLM...

    $458 Average bid
    142 bids

    ...can enable/disable subdomain per seller 10. UI/UX Requirements Instamart-style ultra-fast interface Minimal, clean, responsive UX Color option: White, Dark Green, Matte Black Highly optimized for speed & caching 11. Analytics & Reports Sales report (seller/category/HSN) Tax/GST report Delivery performance Seller acceptance metrics 12. Security & Compliance Secure payment integration XSS/CSRF protection Rate-limiting for APIs Indian data safety norms Encrypted PII handling New Advanced API Integrations (Mandatory) 14. GST Verification API Real-time verification Auto-fill business name, address, status Store GST data in KYC records Prefill invoice header 15. PAN Verification API Validate PAN via government-approved services Match PAN with name/D...

    $340 Average bid
    35 bids

    ...from a single panel, view activity, manage permissions and intervene when necessary. Security is an absolute priority. Two-factor authentication must be enabled by default on all accounts, including the Administrator's. Also ensure that best practices for encryption in transit and at rest are followed; I want complete audit logs and protection against injection or XSS attacks. I accept proposals that suggest the most suitable stack (for example, Node.js + React, Laravel, Django or another robust solution) as long as they meet these essential points: • Distinct profiles: central Administrator, group leader and regular user ...

    $670 Average bid
    51 bids

    ...Pages** - **Login/Register Pages** - **User Dashboard** - **Admin Dashboard** - **404 Error Page** ### 9. **Email Notifications** (Priority: MEDIUM) - Booking confirmation emails - Payment confirmation emails - Admin notifications for new bookings - Email templates with booking details ### 10. **Security Features** (Priority: HIGH) - Input validation and sanitization - SQL injection prevention - XSS protection - CSRF protection - Rate limiting - Secure session management - for security headers - Secure password storage - OAuth security best practices ### 11. **Image Management** (Priority: MEDIUM) - **Cloudinary integration** for image hosting - Image upload for tours - Image upload for blog posts - Image optimization and resizing - Multiple image support for tours ### 12. *...

    $12 / hr Average bid
    58 bids

    Hi, Looking for .NET Code Security Expert is a professional specializing in building and auditing secure applications using Microsoft's .NET framework. Need to focus on secure coding practices, threat mitigation, secure design, validation controls, authentication/authorization, cryptography, and handling vulnerabilities like SQL Injection and XSS to protect against cyber threats, often certified through programs like CASE.NET. They integrate security throughout the Software Development Life Cycle (SDLC). Looking forward to your response. Regards, Dipak

    $6 / hr Average bid
    31 bids

    ...Complete a thorough security scan (manual review + preferred tools such as Drupal Security Review, OWASP ZAP, or your equivalent). 2. Pinpoint every SQL injection and XSS entry point left in the codebase or database. 3. Patch, update, or re-configure affected core files/settings, ensuring no functionality loss. 4. Provide a concise remediation report outlining: – Location of each vulnerability found – Exact fix applied – Recommended preventive measures for future deployments 5. Run final penetration tests to demonstrate that the site is clean and stable. Acceptance criteria • No detectable SQLi or XSS issues in automated scans and manual testing. • Site functionality intact across all existing user flows. • F...

    $86 Average bid
    19 bids

    ...Pages** - **Login/Register Pages** - **User Dashboard** - **Admin Dashboard** - **404 Error Page** ### 9. **Email Notifications** (Priority: MEDIUM) - Booking confirmation emails - Payment confirmation emails - Admin notifications for new bookings - Email templates with booking details ### 10. **Security Features** (Priority: HIGH) - Input validation and sanitization - SQL injection prevention - XSS protection - CSRF protection - Rate limiting - Secure session management - for security headers - Secure password storage - OAuth security best practices ### 11. **Image Management** (Priority: MEDIUM) - **Cloudinary integration** for image hosting - Image upload for tours - Image upload for blog posts - Image optimization and resizing - Multiple image support for tours ### 12. *...

    $560 Average bid
    129 bids

    ...Pages** - **Login/Register Pages** - **User Dashboard** - **Admin Dashboard** - **404 Error Page** ### 9. **Email Notifications** (Priority: MEDIUM) - Booking confirmation emails - Payment confirmation emails - Admin notifications for new bookings - Email templates with booking details ### 10. **Security Features** (Priority: HIGH) - Input validation and sanitization - SQL injection prevention - XSS protection - CSRF protection - Rate limiting - Secure session management - for security headers - Secure password storage - OAuth security best practices ### 11. **Image Management** (Priority: MEDIUM) - **Cloudinary integration** for image hosting - Image upload for tours - Image upload for blog posts - Image optimization and resizing - Multiple image support for tours ### 12. *...

    $638 Average bid
    163 bids

    ...can extend over time, while keeping everything secure, scalable, and friendly on any screen size. Security & accounts The registration and login flow needs to use tried-and-tested password encryption (bcrypt or Argon2). No two-factor or biometric layers for now, but the architecture should leave room for me to add them later. Session handling must be immune to the usual threats: SQL injection, XSS, CSRF. Player wallet Each user keeps a real-time balance in a dedicated wallet table. I need deposit, withdrawal, and in-game debit / credit methods exposed through a simple API so that any future game can call them without touching business logic. Game integration framework Please wire the platform to recognise three game categories at launch: • Slot games • ...

    $1391 Average bid
    59 bids

    ...application flaws, and user-access control issues—before anyone else does. During the engagement I expect you to combine automated scanning (Nmap, Nessus, OpenVAS, Burp Suite or similar) with manual exploitation techniques so nothing slips through the cracks. That includes probing open ports and firewall rules, reviewing WHMCS hooks and custom modules for common web-app bugs such as SQL injection, XSS and CSRF, and testing privilege-escalation paths that could let an attacker pivot to root or other service accounts. If you spot bad crypto practices or misconfigured file permissions, highlight them too. Deliverables: • A concise executive summary plus a detailed technical report that maps every finding to a severity rating (CVSS preferred). • Proof-of-concept e...

    $271 Average bid
    32 bids

    ...Specific user and quiz-related API actions needed. • CI/CD and deployment environment: • Details on preferred hosting and pipeline tools. • Access and environment setup information. • Documentation and handoff format: • Preference for Swagger or Postman for API docs. • Format and duration for the handoff session or screencast. Security expectations: • Confirm level of security measures (CSRF, XSS, HSTS) and compliance requirements if any. • Authentication flows (JWT, OAuth 2.0) and token expiration policies. Analytics and reporting details: • Metrics and reports expected at Physician and Super Admin levels. • Types of filters, date ranges, and export features needed. Budget and timeline confirmation: • Budget li...

    $186 Average bid
    51 bids

    ...staging environment along with any credentials or sample data you need. From there, please explore every feature, workflow, and edge case to confirm that everything works exactly as intended across modern browsers. At the same time, evaluate the user experience: navigation, layout, wording, and overall intuitiveness. Finally, put your security-tester hat on and probe for common vulnerabilities such as XSS, CSRF, and authentication or session issues. Deliverables • A concise test plan outlining your approach • Detailed bug and issue log with reproduction steps, screenshots or recordings where helpful • Severity ratings and prioritised recommendations • A short usability summary highlighting friction points and suggested improvements • Security fin...

    $262 Average bid
    39 bids

    ...polish Some TypeScript improvements needed Missing database indexes Rate limiting not implemented No staging environment Some RTL layout issues What We Need: 1. UI/UX Optimization Mobile-first redesign Responsive layouts for all devices User flow optimization Loading states & animations Form UX improvements Accessibility (WCAG) PWA features 2. Security Full security audit Fix vulnerabilities (XSS, CSRF, SQL injection) Rate limiting & DDoS protection Input sanitization Dependency audit 3. Performance Database optimization (indexes, N+1 queries) Redis caching implementation Bundle optimization Core Web Vitals improvement Image optimization & CDN 4. DevOps CI/CD pipeline setup Docker containerization Monitoring & logging (Sentry, Grafana) Automated backups Stagin...

    $8473 Average bid
    194 bids

    I have a quiz-based mobile application in active development and now need the back-office infrastructure that will power it. Specifically, I’m looking for a web-based admin panel coupled with a set of secure RESTful APIs that the app can hit for every action, from user sign-up to quiz submission. ...deployed to my server, fully responsive • JWT RESTful API endpoints with authentication, pagination, and rate limiting • Documentation covering environment setup, endpoint usage, and role permissions • A brief hand-off session or screencast so I can maintain the system independently • oauth 2.0 authentication • CI / CD Pipeline • HSTS header Code quality, security best practices (csrf, xss attacks etc.), and clean, readable documentation wi...

    $93 Average bid
    32 bids

    ...Administrative System ## Security Requirements (Critical) ### Client-Side Security - Code obfuscation for both iOS and Android - Certificate pinning for API communications - Jailbreak and root detection - Anti-debugging protection - Local storage encryption (AES-256) - Anti-cheat mechanisms ### Server-Side Security - HTTPS/TLS for all communications - SQL injection prevention (parameterized queries) - XSS and CSRF protection - Rate limiting per IP and user - DDoS mitigation strategies - Secure password hashing (bcrypt or Argon2) - API request signing and validation - Session hijacking prevention - Two-factor authentication support ### Game Security - Server-side validation for all game actions - Transaction verification and logging - Anomaly detection for cheating - Packet m...

    $8587 Average bid
    Urgent
    8 bids

    ...harden an existing Core PHP website by reviewing the current HTTP response headers and adding or updating the ones that are still missing or outdated. The site is healthy—this is purely a compliance exercise—so please avoid touching areas that are already configured correctly and make sure no duplicate headers are introduced. Headers that definitely need attention include: • X-Frame-Options • X-XSS-Protection • X-Content-Type-Options • X-Permitted-Cross-Domain-Policies • Strict-Transport-Security • Referrer-Policy • Feature-Policy / Permissions-Policy • Expect-CT • Set-Cookie flags (Secure, HttpOnly, SameSite) • Content-Security-Policy Feel free to leave any header in place if it already follows best ...

    $17 Average bid
    28 bids

    ...reset flows. ▪ Every API route, especially admin/privileged or sensitive data. ▪ All forms, text inputs, file uploads, and any place a user can paste content. o Check and improve: ▪ Auth logic (sessions or JWT), including secure storage and expiry. ▪ Cookies & headers (HttpOnly, Secure, SameSite, HSTS, etc.). ▪ Server-side validation & sanitisation for every important endpoint. ▪ Protection against XSS, CSRF, injection, and similar attacks. ▪ Rate limiting on sensitive routes (e.g. login, password reset). o Make sure role-based access control (RBAC) is in place so only the right roles can access certain APIs and pages. 3. Permissions & role-based access (APIs & admin) o Audit user roles (e.g. user, admin, etc.). o Ensure every admin/privileged API is protected on ...

    $531 Average bid
    261 bids

    I have a simple bilingual landing page that currently runs on an outdated version of Bootstrap. You can see the live page here: What I need from you: upgrade every Bootstrap asset (CSS, JS, P...After the upgrade the page must keep all existing behaviour: • Mobile-friendly layout and breakpoints • Dropdown menu and carousel/slide functions • Language toggle between the two current translations A successful hand-off includes the updated source files, the local vendor folder with Bootstrap and dependencies, plus a quick note confirming you checked for and eliminated the previous XSS issue. If everything looks and works exactly as it does now—but safer and running on the newest Bootstrap—then we’re done.

    $29 Average bid
    42 bids

    ...content management system (CMS) with role-based access control and audit logs. 4. Build a responsive RTL/LTR design (Arabic right-to-left compatibility). 5. Include archive pages for reports, documents, and public content. 6. Implement data backup, monitoring, and privacy policies for long-term reliability. --- Core Features and Requirements 1. Security HTTPS, HSTS, CSP policies, and XSS/CSRF prevention. Encrypted storage for sensitive submissions (if stored at all). Server-side encryption (AES / RSA). Secure admin panel with 2FA and login attempt limits. DDoS protection (via Cloudflare / reverse proxy / hosting solution). Logging and monitoring system for suspicious access. 2. Frontend Modern, minimalist UI — inspired by investigative media / civic ini...

    $18 / hr Average bid
    50 bids

    I am looking for a seasoned security specialist who can run a full-cycle, OWASP Top 10–oriented penetration test on our web application. The engagement must cover information gathering, vulnerability verification, exploitation for risk validation, and finally a polished report. What matters most: • You are genuinely comfortable hunting for SQLi, XSS, CSRF, RCE, SSRF, business-logic flaws and similar issues. • All testing is performed directly by you—no re-outsourcing and no leakage of data, code or credentials. • Burp Suite will be the primary toolbox; if you prefer supplementing it with OWASP ZAP or Nmap, that is fine as long as the results remain consistent. • You can show prior enterprise-grade work or at least a sample report so I can a...

    $1191 Average bid
    22 bids

    ...Backend and Admin Panel Admin panel must allow editing: Home About Services Solutions AI and Automation Industries Careers Legal pages SEO meta fields Contact information Contact form entries Media gallery Backend stack can be Node.js, Laravel, or Django. Database can be MySQL, PostgreSQL, or MongoDB. Security Requirements Secure authentication Password hashing Sanitized inputs XSS and SQL injection protection Basic audit logging --- 4. Content Writing Developer must write all website content manually. No AI tools allowed. Content required for: Home, About, Services, Solutions, Industries, AI section, Careers, Contact, Admin panel descriptions, and all legal pages. --- 5. Advanced SEO Setup Meta titles and descriptions Sitemap OG tags Schema mar...

    $138 Average bid
    33 bids

    ...whitelist, or working with website admin). What you will deliver (minimum scope): Phase 1 — Discovery & audit (deliverable: Audit Report) Full functional audit (desktop + mobile): broken features, JS errors, API failures, login flows, forms validations, file uploads, payment flows, code errors, best practices in coding, (website, admin, backend) Security audit: OWASP Top 10 checks (XSS, SQLi, CSRF, auth/session issues, insecure direct object refs, broken access controls). Dependency & supply-chain checks (outdated libs/plugins/third-party scripts). Infrastructure review: TLS/SSL configuration, HSTS, CDN & caching, backup, hosting hardening, firewall/WAF. Admin panel assessment: RBAC, password reset, session expiry, logging/auditing, backup/export, user...

    $25 Average bid
    21 bids

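    ...clear and the progress coherent, I would like to systematically master the three common challenge categories of web security, reverse engineering and cryptography through one-on-one tutoring. Course arrangement and expectations I hope you can first get to know my level and then tailor a step-by-step study plan for me: • Set weekly goals and the resources needed • Select and explain practice challenges of increasing difficulty (preferably from common platforms or past competitions) • Demonstrate solution approaches and tool usage live online, for example Burp Suite, Ghidra, IDA Free, pwntools, CyberChef, etc. • Assign post-session challenges and review my write-up at the next session to help me improve the way I think Teaching format 1-2 remote live sessions per week (Zoom, Google Meet or any other platform you are familiar with), 1–2 hours each; questions between sessions can be handled by chat or email. Please collect study materials, script examples and reference links in a shareable cloud folder so I can review them repeatedly. Delivery and acceptance • Cover at least 20 typical challenge types: SQL/SSRF/XSS, stack overflow/format string, classic symmetric/asymmetric encryption and decryption, etc. • Provide complete lesson plans, screen recordings or slides (PPT or Markdown are both fine) • By the end of the course, I can independently solve the basic challenges common in beginner competitions and write a structured write-up If you have hands-on CTF experience, can explain your reasoning clearly and enjoy sharing, please contact me and state your available times and a rough teaching outline.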

    $9 Average bid
    1 bid

    ...transaction ledger. Acceptance criteria 1. I can create an invitation link, sign up through it, and see the new user positioned correctly with immediate commission calculations. 2. Commission report totals match the calculation spreadsheet I’ll provide. 3. Rank promotion triggers the moment qualifying volume posts. 4. Site passes basic penetration testing for common vulnerabilities (SQLi, XSS). 5. All source code, database schema, and deployment instructions are delivered in Git. E-wallet integration isn’t required right now, but structuring payouts so it can bolt on later will be a plus. If this aligns with your expertise, tell me which tech stack you plan to use and your estimated timeline for an end-to-end launch....

    $220 Average bid
    12 bids

    ...Administration • Admin Authentication: Secure admin login system • Role-based Access: Different permission levels for admins and operators • Data Export: Export booking and user data • System Monitoring: Track application performance and usage Technical Features Performance & Security • SSL/HTTPS: Secure connections with proper certificate management • Content Security Policy: Protection against XSS and other attacks • Responsive Caching: Optimized loading times • Error Handling: Comprehensive error management and user feedback Integration Capabilities • Stripe Payments: Full payment processing integration • Email Services: Automated email notifications and confirmations • WhatsApp API: Direct messaging integration •...

    $555 Average bid
    198 bids

    Top xss Community Articles