I will perform a webapp security audit and penetration testing
Breaking security, not ethics
About this Gig
Is your web application actually secure, or does it just look like it?
Most developers build features; few think like attackers. I do both. I'm Muhammad Mohid, a certified penetration tester and active security researcher (OSCP · CEH · eWPTX · CISSP). With proven bounties on HackerOne and Bugcrowd, I audit applications to uncover critical vulnerabilities before malicious hackers do.
What I Test:
- OWASP Top 10: SQLi, XSS, CSRF, IDOR, Broken Auth.
- API Security: Broken object-level auth, mass assignment, rate limiting.
- Deep Logic Flaws: Business logic bypasses & session management flaws.
- Manual Auditing: Real, hands-on attack simulation beyond automated scanners.
What You Receive:
- Professional PDF Report: Includes an executive summary for stakeholders.
- Risk Ratings: Clear severity mapping (Critical to Low).
- Actionable PoCs: Screenshots/recordings replicating the exact attack path.
- Developer Remediation: Clear, code-level fixes to patch every gap.
Why Choose Me?
- Gold-standard practical certifications (OSCP, eWPTX).
- Strict confidentiality (NDA available upon request).
Note: Legal authorization is strictly required. I only audit systems you own or have explicit written permission to test.
My Portfolio
FAQ
Do I need to give you access to my source code?
No — I perform black-box testing by default, testing the live application as an attacker would. For Premium orders, optional source code review is available for deeper findings.
Will testing affect my live site?
I recommend testing on a staging/development environment. I use non-destructive techniques, but testing on a staging server eliminates any risk to production data.
What format is the security report?
A professionally formatted PDF with an executive summary, full technical findings, risk ratings (Critical/High/Medium/Low), proof-of-concept evidence, and step-by-step remediation for each vulnerability.
Is this legal? How do I know you won't misuse my data?
I only test applications you own or have written permission to test. I hold OSCP and CEH certifications which require adherence to strict ethical codes. An NDA is available for all Premium orders and on request for others.