CREST Penetration Tester – Web App and Azure Infrastructure (DTAC)

@juanjosec63

Hello, I need to be transparent: I am not a CREST-accredited penetration testing provider, and a CREST-approved test must legally be delivered and signed off by a certified CREST tester operating under a CREST member company. If you require formal CREST certification for compliance or assurance purposes, the engagement must be conducted by such an accredited entity. If helpful, I can support in parallel by preparing pre-assessment documentation, coordinating scope definition, producing a structured test plan aligned to OWASP Top 10, API security, and infrastructure layers (including Azure), and assisting with remediation architecture once the formal CREST report is issued. I can also help translate findings into actionable remediation tickets and support retest readiness. For the actual CREST-approved penetration test and signed report, I recommend engaging a UK CREST member consultancy directly to ensure the deliverables meet regulatory and procurement standards. Best regards, Juan

@zainulhassan1695

Hi, I can support a structured, OWASP-aligned penetration engagement; however, I want to be transparent that I am not CREST-certified nor UK-based. If CREST accreditation and UK invoicing are mandatory compliance requirements, I would not be eligible for this engagement. If you are open to experienced support within a CREST-led team, I can contribute during the 2-week sprint by assisting with: • Web application testing aligned to OWASP Top 10 • API endpoint security validation (auth, rate limiting, input validation, business logic flaws) • Infrastructure surface checks (misconfigurations, exposed services, TLS issues) • Clear vulnerability documentation with reproduction steps and risk context My approach includes producing a structured test plan, detailed finding write-ups with severity classification, proof of concept evidence, and practical remediation guidance for developers. I also support coordinated retesting once fixes are deployed. I’m used to working in fast-paced delivery sprints and collaborating closely with small teams to ensure findings are actionable, not just theoretical. If CREST certification is strictly required, I completely understand, but if you need technically strong hands within the sprint team, I’d be glad to discuss further.

@usmanbashir12100

Hello, I am a UK-based CREST-certified penetration tester with experience assessing web applications, APIs, and infrastructure. I can perform a full CREST-approved test covering OWASP Top 10 risks, your infrastructure, and API endpoints. Deliverables will include a comprehensive report, actionable remediation guidance, and a debrief session with your team. I will work collaboratively with your team during the two-week sprint to ensure timely and thorough coverage. Best regards,

@Feriver

Hello, I understand you need a CREST‑approved penetration test for a DTAC-compliant web app and Azure infrastructure, covering OWASP Top 10, APIs, and cloud components. I can design and execute a thorough pen test plan, identify vulnerabilities, and provide detailed remediation guidance to ensure compliance and security. Deliverables include a full CREST report, prioritized remediation list, and optional retest if required. All findings will be documented with actionable recommendations, aligned with DTAC standards, and integrated into the 2-week sprint workflow alongside your development and architecture teams. Two clarification questions: Should the test include both authenticated and unauthenticated scenarios for all APIs? Are there any specific Azure regions, services, or configurations that must be in scope or excluded? Thanks, Asif

@jagratip3

Hi there, I can handle your CREST-approved penetration testing engagement covering the OWASP Top 10, infrastructure, and API endpoints. Approach: Pen Test Planning: Define scope, methodology, and timelines. Include asset enumeration, threat modeling, and risk prioritization. Execution: Conduct comprehensive testing across web applications, APIs, and infrastructure components. Leverage manual and automated techniques to uncover vulnerabilities such as injection flaws, broken authentication, misconfigurations, and sensitive data exposure. All testing aligned with CREST standards and OWASP Top 10 guidance. Reporting: Deliver a full CREST-compliant report detailing findings, severity, risk impact, and evidence. Include actionable remediation guidance for each vulnerability. Optional Retest: Validate applied fixes if requested to ensure issues are fully addressed. Credentials & Logistics: UK-based and able to invoice as a self-employed contractor or registered business. Experienced in working within small, agile teams under tight sprints, ensuring clear communication and timely delivery. Can provide references and previous CREST reports under NDA. This approach ensures you get a rigorous, compliant, and actionable penetration test with clear remediation paths, helping secure your systems against real-world threats while meeting CREST standards.

@Apurva510

Hello, Thank you so much for posting this opportunity. It sounds like a great fit, and I’d love to be part of it! I’ve worked on similar projects before, and I’m confident I can bring real value to your project. I’m passionate about what I do and always aim to deliver work that’s not only high-quality but also makes things easier and smoother for my clients. Feel free to take a quick look at my profile to see some of the work I’ve done in the past. If it feels like a good match, I’d be happy to chat further about your project and how I can help bring it to life. I’m available to get started right away and will give this project my full attention from day one. Let’s connect and see how we can make this a success together! Looking forward to hearing from you soon. With Regards!

@Ahmedh058

Hi there, I’m Ahmed from Eastvale, California — a Senior Full-Stack & AI Engineer with over 15 years of experience building high-quality web and mobile applications. After reviewing your job posting, I’m confident that my background and skill set make me an excellent fit for your project — CREST Penetration Tester – Web App and Azure Infrastructure (DTAC) . I’ve successfully completed similar projects in the past, so you can expect reliable communication, clean and scalable code, and results delivered on time. I’m ready to get started right away and would love the opportunity to bring your vision to life. Looking forward to working with you. Best regards, Ahmed Hassan

@irsolutions

With over 10 years of experience in web and mobile development, I understand the importance of conducting a CREST-approved penetration test for your Web App and Azure Infrastructure project. Your requirement for covering OWASP Top 10, infrastructure, and API endpoints aligns perfectly with my expertise in security testing and remediation. I have a proven track record in delivering successful projects in the cybersecurity domain, ensuring the protection of sensitive data and infrastructure. My experience in working on similar projects, combined with my proficiency in identifying vulnerabilities and providing comprehensive remediation guidance, makes me the ideal candidate for this role. I am confident that my skills in conducting penetration tests and creating detailed reports will meet and exceed your expectations. Let's work together to secure your project and ensure its resilience in the face of potential threats. Contact me now to discuss how we can proceed with this project effectively. Thank you.

@MIndlabsAi6

Hello, I am Vishal Maharaj, with 20 years of expertise in Azure, API Testing, and Network Security. I have carefully reviewed your project requirements. For the CREST Penetration Tester project, I will conduct a comprehensive CREST-approved penetration test covering OWASP Top 10, infrastructure, and API endpoints. I will provide a detailed pen test plan, a comprehensive CREST report, and a remediation list to ensure the security of your web app and Azure infrastructure. Additionally, I can offer an optional retest as part of my service. I am UK-based and can invoice as a self-employed contractor. I am ready to work collaboratively with your team during the 2-week delivery sprint. Let's discuss further details. Please initiate the chat. Cheers, Vishal Maharaj

@habiba8730

Hi, I’m Mst Habiba Hasan, I am a Senior Full-Stack Developer with more than 10 years of experience. I can help you with: — Website development — Mobile app development — Web app development — Backend development — AI and Machine Learning development — Maintenance of existing projects — UX/UI design — Browser extensions — DevOps — Solution Architecture — Consulting — MVP development Technologies I've worked with include but are not limited to: * Python/ Django * ReactJS / React Native (including React Native Web) / Expo / Express / Redux / NextJS * Javascript / Typescript / Flow types * NodeJS / Angular / Vue.js * MongoDB / SQL (MySQL / MariaDB / PostgreSQL) / Redis * OAuth2 / Keycloak / Auth0 / Cognito * Kubernetes / Helm / Docker / Ansible / Terraform / Amplify / Firebase * AWS / Azure / GCP / on premises * RESTful / GraphQL / OpenTracing / AMQP (RabbitMQ) Contact me today to get started! I’m excited to collaborate and bring your vision to life. Best regards, Mst Habiba Hasan

@Alesha1018

Hello, hope you are doing well, As a seasoned technology professional with extensive experience, including API testing, I believe I can successfully fulfill your requirements for a CREST Penetration Tester. With an in-depth understanding of web and app development, AI integration, blockchain solutions, and data engineering, I bring a comprehensive skill set to the table. While I recognize the project calls for UK-based talent, as someone who has worked globally, I am confident in my ability to navigate international challenges. In addition to my skills, I offer a passion for accuracy and detail that aligns perfectly with the nature of a penetration test. I shine in intense delivery sprints because I thrive under pressure and value clear communication. My unique blend of creativity and technical expertise allows me to approach problems holistically— identifying vulnerabilities and providing remediation guidance that isn't just effective but also innovative. To sum it up, if you choose me for this project, you're not just getting an individual proficient in penetration testing. You're getting someone who's capable of comprehensively analyzing your Azure infrastructure while applying the OWASP Top 10 standards. Above all, you're getting an efficient, creative and dependable partner who will provide you with a meticulously detailed report and actionable next steps for any issues identified. Let's collaborate to make your platforms safer than ever before!

@revival786

Greetings! I’m a top-rated freelancer with 16+ years of experience and a portfolio of 750+ satisfied clients. I specialize in delivering high-quality, professional CREST penetration testing services tailored to your unique needs. Please feel free to message me to discuss your project and review my portfolio. I’d love to help bring your ideas to life! Looking forward to collaborating with you! Best regards, Revival

@billybryan98

Hello DTAC, I’m a UK-based independent security tester with CREST-aligned methods, specializing in web apps, APIs, and Azure. I will deliver a CREST-compliant penetration test covering OWASP Top 10, infrastructure, and API endpoints, plus a full report and remediation guidance, within your two-week sprint. I have previously led similar engagements, producing a clear test plan, comprehensive CREST report, and actionable remediation lists, with risk-based findings tailored to cloud and API surfaces. I will handle the entire engagement solo, coordinating with your team as needed, and ensure timely delivery. I can work as a self-employed contractor and invoice accordingly. Please share any constraints or questions . I am ready to discuss next steps and scheduling. Best regards, Billy Bryan

@codefusion53

Hi Thank you for outlining the scope clearly. I want to be transparent that I am not CREST certified and therefore would not be able to deliver a CREST accredited penetration test or official CREST report under my own accreditation. That said, I do have strong experience supporting web application and Azure security hardening, API security reviews, OWASP Top 10 mitigation, and pre assessment remediation preparation. If you require support in preparing the environment before your CREST engagement, validating configurations, reviewing Azure security posture, or assisting with remediation after findings are issued, I can add value in those areas. I understand that for DTAC and compliance aligned projects, formal accreditation and UK based certification are mandatory. If you would like support alongside your certified tester, I am open to collaborating within your two week sprint. Best, Justin

@Lazarone1

Hi, that’s great to hear! Your project closely aligns with one I recently completed. In that project, I built a full CREST-aligned penetration testing framework covering web applications, Azure cloud infrastructure, and API endpoint assessments using OWASP Top 10 methodologies, automated scanning tools, and manual exploitation techniques with Azure security baselines, cloud-native monitoring, and network hardening controls. This experience directly matches your need for a UK-based tester supporting a 2-week intensive delivery sprint, including delivering a pen test plan, full CREST report, and detailed remediation guidance. I’d be glad to connect and share my experience in more detail over chat. Thank you. Best regards, Lazar

@nadiad382

As a Full Stack Website Developer with a major focus on network security, I believe I am the ideal candidate for your Web App and Azure Infrastructure penetration testing project. I possess a comprehensive understanding of OWASP and CREST-approved methodologies, in addition to my proven track record in delivering top-notch results within tight timeframes. My approach to building websites ensures optimum performance even under heavy traffic scenarios, an asset that is essential for penetration testing. In terms of credentials, my work over the years includes securing web applications against both internal and external threats. I'm adept at identifying vulnerabilities across API endpoints and other aspects of web infrastructure, ensuring robust risk management. The emphasis on a small, focused team aligns perfectly with my style; I value effective communication and believe in prioritizing long-term solutions over quick fixes. In conclusion, partnering with me for this project means gaining access to a highly skilled professional deeply committed to your cyber-security needs. My ability to invoice as a self-employed contractor further streamlines the process. Let's start making your web ecosystem more secure together!

@dataspro

Nice to meet you ,The requirements of your project match my areas of work and skills, to introduce myself. My name is Anthony Muñoz and i am the lead engineer for DS Pro IT agency. I have worked for over 10 years as a Full-Stack and software development engineer and have successfully done multiple jobs. It will be a pleasure to work together to make your project. Feel free to discuss about the project with me, greetings.

@kamaleshp1

As an experienced cybersecurity professional specializing in web and mobile application security, I deliver meticulous penetration testing aligned with project requirements. Over five years, I’ve mastered Burp Suite, OWASP ZAP, SQLMap, Nikto, and Nmap, applying repeatable, standards-driven methodologies. My testing aligns with OWASP Top 10, uncovering issues such as SQL injection, XSS, and other critical threats. I hold the OSCP certification and am a CREST Registered Penetration Tester, reflecting strong technical expertise, industry-recognized accreditation, and ethical practice. Beyond identifying vulnerabilities, I provide clear, actionable remediation guidance, ensuring security improvements are practical, measurable, and effective. Clients receive comprehensive reports, risk prioritization, and ongoing support throughout remediation cycles and follow-up validation.