Web Application Penetration Test (Budget-Conscious) Project Overview
We are looking for a practical, no-nonsense penetration test of a web-based application. The goal is to identify obvious and material security weaknesses and provide clear, actionable fixes, not to produce an academic or compliance-heavy report.
This is a small, well-defined engagement suitable for an experienced freelancer.
Scope of Testing
In scope:
Public-facing web application
Login, authentication, and authorisation flows
Application APIs
Input validation and data handling
Out of scope:
Denial of Service (DoS) testing
Social engineering or phishing
Physical security
Third-party platforms or services
Testing Approach
Grey-box testing (limited information provided)
Combination of automated tools and manual testing
Focus on OWASP Top 10 style vulnerabilities
Emphasis on realistic attack paths, not theoretical issues
Deliverables
A concise written report including:
Short executive summary
List of vulnerabilities found
Severity rating (Critical / High / Medium / Low)
Evidence (screenshots or request/response samples)
Clear remediation steps
Length expectation: 10–15 pages max (brevity preferred).
Optional:
Re-test after fixes (separately priced)
Constraints & Rules
Testing during agreed time window
No intentional data deletion or service disruption
Any critical issue to be reported immediately
Do not retain or share any data after completion
Pricing Guidance
To keep proposals aligned:
Expected effort: 1–3 days testing + 1 day reporting
Target budget range: £500
Please explain clearly if your proposal exceeds this range
We are not seeking enterprise compliance certification or formal audit sign-off — just solid security coverage at sensible cost.
