Browse categories
Explore
Fiverr Pro
English
$
USD
I will do penetration testing for your website security and find vulnerabilities
Bashir A
5.0
5.0
About this gig
I will secure your web application by fixing security bugs and vulnerabilities that hackers may exploit with real world experience!
Testing bugs such as:
- XSS (reflected, stored, blind)
- SQLi
- IDOR
- BAC
- Broken authentication
- CORs misconfiguration
- Session hijacking
- Rate limiting
- Account takeovers
- Subdomain takeovers
- Sensitive data disclosure (secrets, .env, .git, API keys and more)
- Business logic vulnerabilities
And more!
I've been in the field of security researching for 5 years, have worked on Bugcrowd for 3 years and worked as a community leader for the largest hackathon in Pakistan. Needless to say I have quite the experience in web hacking and security. I'm also a NodeJS programmer and can identify NodeJS vulnerabilities extensively.
Each order will have an extensive report on the bugs and security of the website by the end.
More information about packages can be found in FAQs
1 order = 1 website.
Please contact before ordering so I can review everything accordingly!
Respect third-party rights
Please be aware that it is against Fiverr's policies for sellers to include themes, templates, or any other elements that infringe third-party rights or applicable laws in the delivered work. Read more about in our Guide to Responsible Digital Creation.
Get to know Bashir A
Bashir A
Web Developer and Security Researcher with 5 years of experience
- FromPakistan
- Member sinceFeb 2026
- Avg. response time1 hour
- Last delivery4 weeks
Languages
English
I'm a self-taught programmer who loves to troubleshoot computer errors. When I was 14 years old, I wrote an educational-only ransomware in python called "Kesug" for coding practice, currently I am building a SaaS project using Node.js and EJS. I am one of the founders of BinaryCircuits, worked as a Community Leader for the Digital Pakistan Cybersecurity Hackathon, and have spent my time in web security and bug bounties, learning aspects of developing a secure web application. The service is provided by a minor under an account legally owned by the parents of Hassan Bashir.
My Portfolio
FAQ
What do I get in basic package?
Quick Security Audit - Automated scans - .env, .git, secrets exposure checks - API key and token leak detection - Dependency vulnerability scan - Basic CORS and configuration review - Detailed security report Ideal for small projects, personal apps, or a quick safety check before launch.
What do I get in standard package?
OWASP Node.js Security Audit Everything in Basic plus: - Manual code review - OWASP Top 10 analysis - Authentication and authorization review - Session and cookie security - Input validation and sanitization checks - API endpoint security review - Detailed professional report Recommended for SaaS
What do I get in premium package?
Complete Security Audit + Fixes Everything in Standard plus: - Vulnerability fixes in code - Security hardening implementation - Custom endpoint testing - Full application review - Production security improvements - Full security summary Best for businesses without needing to fix code themselves.
What access do you need to perform the security audit?
Depending on the package, I may need one or more of the following: Live website URL or staging link Test user account Source code or repository access (for code review packages) Hosting or server details (only if hardening/fixes are included) All information is kept strictly confidential.
Will you perform destructive testing or exploit my production system?
No. All testing is performed safely and responsibly. I avoid any actions that could damage your application, data, or users. If any higher-risk testing is required, I will discuss it with you first
Can you fix the vulnerabilities you find?
Yes. Vulnerability fixes and security hardening are included in the Complete Security Audit + Fixes package. For other packages, I provide clear step-by-step remediation guidance.
Do you work with staging or development environments?
Yes, and it is recommended. Testing on a staging or development environment helps avoid any impact on live users. If you only have production, I will proceed carefully.
What kind of applications do you support?
I specialize in: Node.js / Express applications REST APIs and backend services SaaS platforms and dashboards Authentication-based web apps If your project is large or uses a custom architecture, please contact me before ordering.
How big of a project is included in one order?
1 order = 1 application or website. If your project is large (many services, microservices, or multiple domains), please message me for a custom offer.
Will my code and data remain confidential?
Yes. Your code, credentials, and project details are treated as strictly confidential and will never be shared or reused.
Reviews
1 reviews for this Gig
| (1) | ||
| (0) | ||
| (0) | ||
| (0) | ||
| (0) |
Rating Breakdown
- Seller communication level
- Quality of delivery
- Value of delivery
Sort By
Most relevant
M mrnegocuos
Repeat Client
Spain
Excellent work. The security report is very detailed, professional, and clear. The communication was fast and he understood exactly what I needed for my agency. I will definitely work with him again for future audits. 5 stars!"
Up to $50
Price
7 days
Duration
Helpful?
Reviews
1 reviews for this Gig
| (1) | ||
| (0) | ||
| (0) | ||
| (0) | ||
| (0) |
Rating Breakdown
- Seller communication level
- Quality of delivery
- Value of delivery
Sort By
Most relevant
M mrnegocuos
Repeat Client
Spain
Excellent work. The security report is very detailed, professional, and clear. The communication was fast and he understood exactly what I needed for my agency. I will definitely work with him again for future audits. 5 stars!"
Up to $50
Price
7 days
Duration
Helpful?
