I will do advanced web application and API penetration testing with AI
About this Gig
Please message me before placing an order so I can understand your specific needs. I am Rokibul Roni, an Award-Winning Cybersecurity Specialist with a Master's in Cyber Security and over 4 years of hands-on experience at enterprise security firms. In this gig, I will perform a thorough penetration test on your web application and API endpoints to find security weaknesses before they become real problems.
Here is what I cover:
- SQL Injection, XSS, SSRF, and server-side vulnerabilities
- Authentication, session management, and access control flaws
- REST and GraphQL API security testing including BOLA
- Business logic issues that automated scanners typically miss
- Full alignment with OWASP Top 10 and MITRE ATT&CK
I combine deep manual testing with AI-assisted analysis to find complex vulnerabilities faster and more accurately than standard tools alone.
After the assessment, you will receive:
- Executive summary and detailed technical report with PoC
- CVSS risk scores and prioritized remediation steps
- Post-fix retesting (Standard and Premium)
Send me a message and let us discuss how to secure your application.
Operating system: Windows, iOS, Android, OSX, VMware
FAQ
What information do you need to get started?
I need the target URL, API docs if available, and test credentials for authenticated areas. We will discuss the full scope via message before starting.
What tools do you use?
Burp Suite, OWASP ZAP, Nmap, Nikto, and custom Python scripts. I also use AI-assisted analysis for deeper coverage than standard automated scanners.
How do you keep my data confidential?
I treat every project with strict confidentiality and I am happy to sign an NDA. All findings and access details are securely handled and removed after the project ends.
Will the testing cause any downtime to my live website?
No. I use safe, non-disruptive methods. For production sites I test during low-traffic hours. If you have a staging environment, I recommend starting there.
Do you help fix the issues or just report them?
I provide a prioritized report with step-by-step fix guidance. Standard and Premium packages include retesting after your team applies fixes to confirm resolution.
What kind of report will I receive?
An executive summary for management, a technical report with proof-of-concept screenshots, CVSS risk scores for each finding, and a prioritized remediation roadmap.
Can you test both my website and mobile app API?
Yes. I test web apps, REST APIs, GraphQL endpoints, and backend services your mobile app uses. Share your full scope in our initial conversation.
How is your service different from automated scanners?
Scanners catch surface-level issues only. I do deep manual testing with AI-assisted analysis to find business logic flaws and chained vulnerabilities no scanner can detect.
Do you have professional background or certifications?
I hold a Master's in Cyber Security, CISSP, CASP+, ISO 27001 training, and 4+ years at enterprise firms. Search "RokibulRoni" on Google to learn more about my work.
Can I hire you for ongoing security testing?
Yes. Many clients schedule quarterly or monthly assessments. After our first project we can set up a custom arrangement. Message me to discuss.

