Hi ,
I am not sure about your availability for a new job.
Please let me know if you are available and interested in this position.
I can get you an interview latest by tomorrow morning.
Functional Security Testing
Remote with 20% travel
6+ months contract
Input validation bypass Client side validation routines and bounds-checking restrictions are removed to ensure controls are implemented on all application parameters sent to the server.
SQL injection Specially crafted SQL commands are submitted in input fields to validate input controls are in place to properly protect database data.
Cross-site scripting Active content is submitted to the application in an attempt to cause a user's web browser to execute unauthorized and unfiltered code. This test is meant to validate user input controls.
Parameter tampering - Query strings, POST parameters, and hidden fields are modified in an attempt to gain unauthorized access to user data or application functionality.
Cookie poisoning Data sent in cookies is modified in order to test application response to receiving unexpected cookie values.
Session hijacking Client attempts to take over a session established by another user to assume the privileges of that user.
User privilege escalation Client attempts to gain unauthorized access to administrator or other users privileges.
Credential manipulation Client modifies identification and authorization credentials in an attempt to gain unauthorized access to other users data and application functionality.
Forceful browsing Client enumerates files located on a web server in an attempt to access files and user data not explicitly shown to the user within the application interface.
Backdoors and debug options Many applications contain code left by developers for debugging purposes. Debugging code typically runs with a higher level of access, making it a target for potential exploitation. Application developers may leave backdoors in their code. Client Business will identify these options that could potentially allow an intruder to gain additional levels of access.
Configuration subversion Improperly configured web servers and application servers are common attack vectors. Client assesses the software features, as well as the application and server configuration for poor configurations.
Tools
HP Software (Formally SPI Dynamics) WebInspect
Nessus (Infrastructure Testing)
Tamper Data
BurpSuite Pro
Regards,
________________________________________
Vikas Kanoongo
Recruitment | Sales
IdeaReboot
9055 SW 73rd CT, Unit 1409
Miami, Florida 33156 United States
vkanoongo@ideareboot.com | Work: 315.683.3001 | Fax: 305.397.2534
Join My Linkedin Network
http://www.linkedin.com/in/vikaskanoongoFollow our latest available jobs on Twitter
http://twitter.com/ideareboot
OSCP - Offensive Security Certified Professional : Failed my first attempt at the OSCP exam
