Job Description

Seeking an experienced application security tester to perform authenticated dynamic testing of a Django-based web application implemented as plugins.
Focus areas include authentication and session management, role-based access control, logic flaws, XSS (stored and reflected), CSRF, input validation weaknesses, insecure file handling, API abuse, sensitive data exposure, and security misconfiguration.
Testing should align broadly to OWASP Top 10 / OWASP Testing Guide, using tools such as Burp Suite or OWASP ZAP alongside manual validation.
This is an application test only, not an infrastructure test; i.e., we're not testing the web server (NGINX), only the web application.
A structured report is required with reproducible steps, affected endpoints, impact, and severity ratings.
After remediation by our development team, at least one rescan will be required, with a possible second validation pass if needed.
We'll give you access to a server and the application for testing, a...
