Remote with 20% travel
6+ months contract
• Input validation bypass – Client-side validation routines and bounds-checking restrictions are removed to verify that the server enforces its own controls on every application parameter it receives.
• SQL injection – Specially crafted SQL commands are submitted in input fields to validate input controls are in place to properly protect database data.
• Cross-site scripting – Active content is submitted to the application in an attempt to cause a user's web browser to execute unauthorized and unfiltered code. This test is meant to validate user input controls.
• Parameter tampering – Query strings, POST parameters, and hidden fields are modified in an attempt to gain unauthorized access to user data or application functionality.
• Cookie poisoning – Data sent in cookies is modified in order to test application response to receiving unexpected cookie values.
• Session hijacking – Client attempts to take over a session established by another user to assume the privileges of that user.
• User privilege escalation – Client attempts to gain unauthorized access to administrator or other users’ privileges.
• Credential manipulation – Client modifies identification and authorization credentials in an attempt to gain unauthorized access to other users’ data and application functionality.
• Forceful browsing – Client enumerates files located on a web server in an attempt to access files and user data not explicitly shown to the user within the application interface.
• Backdoors and debug options – Many applications contain code left by developers for debugging purposes. Debugging code typically runs with a higher level of access, making it a target for potential exploitation. Application developers may leave backdoors in their code. Client Business will identify these options that could potentially allow an intruder to gain additional levels of access.
• Configuration subversion – Improperly configured web servers and application servers are common attack vectors. Client assesses the software features, as well as the application and server configuration, for weak or insecure settings.
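The input validation bypass and parameter tampering tests above both check for the same thing: controls that hold on the server regardless of what the client sends. As an added illustration (not code from this posting or the client), the snippet below shows such a control for a constructed order form: a server-side bounds check on a quantity parameter, and an HMAC over a hidden price field so that a modified value is detected rather than trusted. `SECRET`, `sign_hidden_field`, `verify_hidden_field` and `validate_order` are hypothetical names chosen for the example.

```python
import hmac
import hashlib

# Constructed demo secret; a real deployment loads this from server-side config.
SECRET = b"server-side-secret-demo"


def sign_hidden_field(value: str) -> str:
    """Render a hidden field as value|mac so the server can verify it later."""
    mac = hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}|{mac}"


def verify_hidden_field(field: str):
    """Return the original value if the MAC matches, else None (tampered/missing)."""
    value, _, mac = field.rpartition("|")
    expected = hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()
    # compare_digest is constant-time and returns False on length mismatch
    if not hmac.compare_digest(mac, expected):
        return None
    return value


def validate_order(params: dict) -> tuple:
    """Server-side checks that do not depend on any client-side validation."""
    # Bounds check: the browser may have enforced 1..10, but the server must too.
    try:
        qty = int(params.get("quantity", ""))
    except ValueError:
        return False, "quantity must be an integer"
    if not 1 <= qty <= 10:
        return False, "quantity out of range"
    # Hidden field: only accept a price the server itself signed.
    price = verify_hidden_field(params.get("price", ""))
    if price is None:
        return False, "price field tampered or missing"
    return True, f"ok: {qty} x {price}"
```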
• HP Software (formerly SPI Dynamics) WebInspect
• Nessus (Infrastructure Testing)
• Tamper Data
• BurpSuite Pro
Recruitment | Sales
9055 SW 73rd CT, Unit 1409
Miami, Florida 33156 United States
vkanoongo at ideareboot dot com | Work: 315.683.3001 | Fax: 305.397.2534