Web Application Penetration Tester

Employer Active

Job Location: USA

Monthly Salary: Not Disclosed

Vacancy: 1 Vacancy

Job Description

Req ID: 2625642

Responsibilities:
Conduct comprehensive testing of each interface to the web applications, covering the server operating system, application platform and database.
Conduct comprehensive testing of web application interfaces, including the server, application platform and database.
Assess web applications for weaknesses, vulnerabilities and misconfigurations.
Utilize a three-phased, structured methodology comprising Enumeration, Vulnerability Assessment and Exploitation.
Perform penetration testing on defined parameters, including 1 main URL and 2 subdomains with up to 15 applications.
Adhere to the policy of not performing Denial of Service (DoS) attacks unless explicitly approved.
Provide detailed reports outlining identified vulnerabilities, prioritized remediation needs and associated risk assessments.
Attempt to exploit any identified vulnerability or misconfiguration.
Provide recommendations for addressing identified issues based on impact assessment.
Stay updated on the latest web application security trends and vulnerabilities.
Engage in discussions regarding identified vulnerabilities and recommended remediation.
Identify vulnerabilities that may pose an exploitable risk to the organization.
Utilize a three-phased, structured methodology for application penetration testing:
Enumeration: Identify and catalog assets, services and functionality.
Vulnerability Assessment: Assess the application for weaknesses and misconfigurations.
Exploitation: Attempt to exploit identified vulnerabilities and misconfigurations.
Perform penetration testing on:
website.
applications
Adhere to the policy that DoS attacks will not be performed unless explicitly approved.
Provide a detailed report including:
Identification of prioritized remediation needs.
Requirements for addressing identified issues.
Associated risk assessment for each finding.
Qualifications:
Minimum of 3 years of experience in the cybersecurity field.
Proven track record of conducting web application penetration tests.
Relevant industry cybersecurity certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or equivalent.
Proficiency in using web application penetration testing tools.
Strong understanding of web application security principles and common vulnerabilities.
Excellent written and verbal communication skills.
Ability to convey complex technical findings to both technical and non-technical stakeholders.
Adherence to ethical standards in performing penetration testing.
Commitment to client confidentiality and data protection.
Strong analytical and problem-solving skills.
Ability to analyze complex applications and identify potential security risks.
Ability to work collaboratively with internal teams and external stakeholders.
Willingness to engage in discussions regarding identified vulnerabilities and recommended remediation.
Technology stacks:
1. Operating Systems:
Kali Linux: A Debian-based Linux distribution designed for penetration testing and security assessments.
2. Web Application Scanners:
Burp Suite: A comprehensive platform for web application security testing that includes a web scanner, crawler and various other tools.
3. Network Scanners:
Nmap: A powerful open-source tool for network discovery and security auditing.
4. Vulnerability Scanners:
Nessus: A widely used vulnerability scanning tool for identifying security vulnerabilities, configuration issues and malware.
5. Exploitation Frameworks:
Metasploit: An open-source penetration testing framework that helps in developing, testing and executing exploit code.
6. Database Security Tools:
SQLMap: A tool for automatic SQL injection detection and database takeover.
7. Password Cracking Tools:
John the Ripper: A password cracking tool.
Hashcat: An advanced password recovery tool.
8. Web Application Firewall (WAF) Detection:
WAFW00F: Identifies and fingerprints web application firewalls (WAFs) and protection systems.
9. Proxy Tools:
OWASP ZAP (Zed Attack Proxy): An open-source web application security scanner used for finding vulnerabilities in web applications during the development and testing phases.
10. Browser Developer Tools:
Chrome DevTools, Firefox Developer Tools: Built-in browser tools for inspecting and debugging web pages, analyzing network traffic and identifying security issues.
11. Packet Sniffers:
Wireshark: A widely used network protocol analyzer for packet capturing.
12. Social Engineering Toolkit (SET):
SET: A toolkit for simulating social engineering attacks, including phishing campaigns.
13. Collaboration Tools:
Slack, JIRA: Communication and project management tools for collaboration with team members and clients.
14. Documentation Tools:
Markdown Editors (e.g. Visual Studio Code): For documenting findings and creating reports.
15. Virtualization Tools:
VirtualBox, VMware: Virtualization platforms for setting up test environments.
16. Version Control System:
Git: Version control system for tracking changes in code and scripts.

Employment Type: Full Time
