Comprehensive Web & System Security Assessment

Scope of Work * Perform security assessment of web application (Python/Django) and APIs * Test authentication, authorization (RBAC), and session management * Identify vulnerabilities (e.g., SQLi, XSS, command injection, API abuse) * Assess Linux and Windows endpoint agents for: * Privilege escalation risks * Service configuration and permissions * Secure communication (TLS) * Evaluate on-prem server security: * Open ports/services * OS hardening * User access and permissions * Conduct network security testing: * Data in transit (encryption) * Internal communication paths * Review installation and deployment process: * RPM/package security * Configurations and secrets handling ⸻ Deliverables * Detailed security report with severity ratings * Proof of concept (PoC) for findings * Remediation recommendations * Optional retest after fixes ⸻ Required Experience * Web application & API penetration testing * Linux and Windows system security * Endpoint/agent security (preferred) * Experience with on-prem environments ⸻ Nice to Have * Experience with OT/SCADA environments * Familiarity with NERC CIP or compliance frameworks

Project ID: 40416543