Penetration Test (OWASP) for Web Application
Location Not Available
Job description:
    Penetration Tester Job Description
    Description:
    We operate an online register for Swiss SMEs. The web application manages highly sensitive data and must comply with the highest security standards.

    We are looking for a qualified penetration tester (or team) to perform a structured security assessment of our application according to the OWASP Testing Guide and deliver a professional report.

    Scope of Work
    • Perform penetration testing based on the OWASP Web Security Testing Guide (latest version)
    • Blackbox and Greybox testing (we will provide test accounts and credentials)
    • Cover all relevant OWASP Top 10 vulnerabilities, including:
      • Injection (SQLi, NoSQLi, etc.)
      • Broken Authentication / Session Management
      • Cross-Site Scripting (XSS)
      • Broken Access Control (e.g., unauthorized access to shareholder data)
      • Security Misconfiguration
      • Sensitive Data Exposure (personal and financial data)
      • Insufficient Logging & Monitoring
    • Test both frontend (web UI) and backend APIs (REST)
    • Environment: SaaS cloud deployment (details will be shared under NDA)

    Deliverables
    Technical Report
    • Detailed description of findings
    • Classification by severity (Critical, High, Medium, Low)
    • Proof of Concept (PoC) for each exploit
    • Management Summary

    Requirements for the Contractor
    • Proven experience with OWASP-based penetration testing
    • Strong background in web applications, SaaS, or FinTech systems preferred
    • Security certifications (OSCP, CEH, GPEN, etc.) are a plus
    • Ability to deliver clear, structured documentation (English or German)

    Project Details
    • Start: ASAP (negotiable)
    • Budget: please provide a realistic estimate based on scope
    • NDA required

    When applying, please answer briefly:
    • Which OWASP-based tests do you typically perform?
    • What tools and methodologies do you use?
    • Can you provide anonymized sample reports or references?
Job information
  • Type: Full-time
  • Work model: Remote
  • Category: Development & IT
  • Experience: Experienced
  • Employment type: Freelance
  • Publication date: 19 Aug 2025
  • Location: