hi there,

i am a technical recruiter looking specifically for security specialists. if you are still looking for opportunities, please feel free to contact me at ac[at]systegration[dot]com or 847-375-8700 x240.

thank you!

andrea cross

Hi ,

I am not sure about your availability for a new job.
Please let me know if you are available and interested in this position.
 
I can get you an interview latest by tomorrow morning.

Functional Security Testing
Remote with 20% travel
6+ months contract
•   Input validation bypass – Client side validation routines and bounds-checking restrictions are removed to ensure controls are implemented on all application parameters sent to the server.
•   SQL injection – Specially crafted SQL commands are submitted in input fields to validate input controls are in place to properly protect database data.
•   Cross-site scripting – Active content is submitted to the application in an attempt to cause a user's web browser to execute unauthorized and unfiltered code. This test is meant to validate user input controls.
•   Parameter tampering - Query strings, POST parameters, and hidden fields are modified in an attempt to gain unauthorized access to user data or application functionality.
•   Cookie poisoning – Data sent in cookies is modified in order to test application response to receiving unexpected cookie values.
•   Session hijacking – Client attempts to take over a session established by another user to assume the privileges of that user.
•   User privilege escalation – Client attempts to gain unauthorized access to administrator or other users’ privileges.
•   Credential manipulation – Client modifies identification and authorization credentials in an attempt to gain unauthorized access to other users’ data and application functionality.
•   Forceful browsing – Client enumerates files located on a web server in an attempt to access files and user data not explicitly shown to the user within the application interface.  
•   Backdoors and debug options – Many applications contain code left by developers for debugging purposes. Debugging code typically runs with a higher level of access, making it a target for potential exploitation. Application developers may leave backdoors in their code.  Client Business will identify these options that could potentially allow an intruder to gain additional levels of access.
•   Configuration subversion – Improperly configured web servers and application servers are common attack vectors.  Client assesses the software features, as well as the application and server configuration for poor configurations.
Tools
•   HP Software (Formally SPI Dynamics) WebInspect
•   Nessus (Infrastructure Testing)
•   Tamper Data
•   BurpSuite Pro



Regards,
________________________________________
Vikas Kanoongo
Recruitment | Sales

IdeaReboot
9055 SW 73rd CT, Unit 1409
Miami, Florida 33156 United States

vkanoongo@ideareboot.com | Work: 315.683.3001 | Fax: 305.397.2534

Join My Linkedin Network http://www.linkedin.com/in/vikaskanoongo
Follow our latest available jobs on Twitter http://twitter.com/ideareboot