Web Security Jobs

We are looking for an experienced cybersecurity OSINT researcher to support an external threat intelligence and exposure monitoring platform. This is a long-term opportunity for someone who understands the cyber threat landscape and can efficiently identify, validate, and document publicly available threat intelligence from open and legally accessible sources. Responsibilities: Monitor publicly accessible threat intelligence sources, including: Security forums, Telegram channels, Paste sites, Public breach disclosures, Open-source intelligence (OSINT) sources. Identify credible and relevant intelligence related to: Credential exposures, Data leaks, Public code exposure, Threat actor discussions, Initial access broker activity, Infrastructure exposure Verify and validate findings before...

My WordPress site pushes visitors to random third-party pages. The core pages, posts, and media are all still in place. I have full access to wp-admin, files (FTP/SFTP), and the database, yet I haven’t attempted any fixes, scans, or plugin installs, so the environment is untouched and ready for investigation. What I need is a thorough malware audit and cleanup: • Pinpoint and remove every injected script, backdoor, or rogue .htaccess rule causing the redirects. • Scan theme, plugins, uploads, and database tables for obfuscated code—tools like Wordfence CLI, Sucuri SiteCheck, or equivalent are fine as long as the site leaves 100 % clean. • Patch the entry point, harden permissions, and tighten file ownership so the issue doesn’t return. • Delive...

أعمل على إطلاق موقع تعليمي يُقدّم اختبارات أكاديمية شاملة لكل المواد التعليمية، موجّهة إلى شريحة الطلاب في المراحل المدرسية والجامعية. أحتاج إلى شريك يتولّى تصميم واجهة جذابة وسهلة الاستخدام ثم برمجة المنصة كاملة حتى تصبح جاهزة للنشر. النواة الرئيسة للموقع ستكون نظام الاختبارات: بنك أسئلة قابل للتوسع، فئات بحسب الصف والمادة، مؤقت اختياري، تصحيح فوري مع إظهار النتيجة، ولوحة تحكم تمكّنني من إضافة أو تحديث الأسئلة والبيانات بسهولة. أطمح كذلك إلى لوحة متابعة تقدّم إحصاءات الأداء ودرجات الطلاب. أتوقع تصميمًا متجاوبًا يدعم العربية بالكامل، بنية نظيفة تتيح لاحقًا إضافة وسائط تعليمية أخرى مثل المقالات أو الفيديو. يُعدّ تسليم الكود المصدري، توثيق مختصر لكيفية الإدارة، وتركيب الموقع على الاستضافة النهائية جزءًا من نطاق العمل. إذا كانت لديك خبرة سابقة في بناء منصات تعليمية وقادرة على دمج وظائف الا...

I need an experienced ethical hacker to dive deep into my web application and pinpoint any security weaknesses before they can be exploited in the wild. The sole objective is to identify vulnerabilities, not to gain or provide unauthorized access for malicious purposes. You’ll have full permission to run a comprehensive penetration test against the live site (or a staging clone, if you prefer). Feel free to use the tools you trust most—Burp Suite, OWASP ZAP, Metasploit, custom scripts—so long as the process is legally compliant and doesn’t disrupt service for genuine users. At the end of the engagement I expect: • A clear, well-structured report detailing every vulnerability you uncover, proof-of-concept evidence, risk ratings, and practical remediation advic...

need to verify android app for google

I run a data-rich learning management system that prepares students for judiciary exams. The platform is currently hosted on Lovable Cloud and was built with the Lovable framework. Before we open the doors to paying users, I need a thorough security and stability sweep, a clean migration to Hostinger, and a seamless Stripe checkout flow. Security audit • Focus first on user authentication: session handling, password policies, token expiration, brute-force prevention, and any other weak spots you uncover. • Document every finding, rate its severity, and propose concrete fixes. I will need a concise technical report plus an executive summary I can share with non-technical stakeholders. Bug fixing & hardening Apply the agreed-upon fixes, retest, and confirm that previous...

I want a seasoned security professional to probe my site from every angle and show me—plainly—where a hacker would slip in. My main worry is outright breaches, not just compliance check-boxes, and at the moment I only have the usual basic plugins and a standard SSL certificate in place. You’ll need to run a full vulnerability assessment and light penetration test, review server and application configurations, and evaluate any code that touches the public web. Feel free to bring out Burp Suite, OWASP ZAP, Nikto, or whatever toolset you trust; I’m interested in real-world exploitability, not generic scanner output. Please deliver: • A concise report detailing each weakness, its risk level, and clear remediation steps • A prioritised action plan I c...

I need an experienced ethical hacker to dive deep into my web application and pinpoint any security weaknesses before they can be exploited in the wild. The sole objective is to identify vulnerabilities, not to gain or provide unauthorized access for malicious purposes. You’ll have full permission to run a comprehensive penetration test against the live site (or a staging clone, if you prefer). Feel free to use the tools you trust most—Burp Suite, OWASP ZAP, Metasploit, custom scripts—so long as the process is legally compliant and doesn’t disrupt service for genuine users. At the end of the engagement I expect: • A clear, well-structured report detailing every vulnerability you uncover, proof-of-concept evidence, risk ratings, and practical remediation advic...

Our regional payment subdomain is being flagged by Google Safe Browsing and other security filters as a "potential phishing threat," preventing members from processing payments. We need a technically competent freelancer to diagnose the root cause, implement a secure subdomain solution under our primary corporate domain, and restore trust. Background Primary domain: [Corporate domain managed by headquarters] Payment subdomain: [Regional payment portal — currently flagged] Current impact: Members are discouraged by browsers to proceed, even blocked; payment abandonment is high, credibility is being lost Scope of Work Phase 1: Root Cause Diagnosis (REQUIRED FIRST) Before any fixes, you must: [ ] Scan the payment subdomain for malware, suspicious scripts, or compromise indica...

I am looking for an experienced cybersecurity professional to create a formal Incident Response (IR) report for a security incident involving my Shopify Partner account. The incident occurred after I executed code received from a client, which resulted in unauthorized access and malware-related activity affecting Shopify stores. Scope of work: * Analyze the incident based on provided logs, timeline, and evidence * Identify the root cause of the compromise * Prepare a structured Incident Response (IR) report including: * Root cause analysis * Timeline of events * Scope of impact (affected systems/accounts) * Mitigation and remediation steps taken * Final conclusion confirming system security Requirements: * Experience in cybersecurity / incident response / malware analysis *...

I’m preparing a new cPanel/WHM server that will host several ecommerce sites, so transaction security and uptime are non-negotiable. I have the base installation ready; what I’m missing is a thorough security hardening that covers the key layers: firewall, SSL/TLS, and ongoing malware protection. Here’s exactly what I need from you: • Firewall configuration – Set up and fine-tune CSF (or another proven solution) within WHM, closing unnecessary ports, adding brute-force and flood protection, and making sure the rules survive reboots and updates. • SSL/TLS certificates – Issue and install certificates for every present and future domain via AutoSSL or Let’s Encrypt, ensure forced HTTPS, HSTS where appropriate, and automatic renewal without man...

I need a Standard SSL certificate installed and fully configured on my website. Once the cert is in place I want every page to load over HTTPS, with mixed-content issues resolved and a clean A-grade on SSL Labs (or an equivalent test). If you can also help me generate the CSR and handle any intermediate chain files, please mention that; otherwise I can supply the certificate files once we start. Key deliverables: • Certificate correctly installed on the server, including any intermediate bundles • Automatic redirection from HTTP to HTTPS without breaking existing URLs • Validation that all assets load securely and the padlock displays in every major browser • Post-installation report confirming the successful setup and test results Let me know your estimated t...

I have a newly built software platform running entirely on Firebase and, as part of my contract with the end-client, I must supply an independent penetration-testing report. The application itself is straightforward—no AI components or unusual integrations—so the engagement will be tightly focused on classic web and cloud-hosted attack surfaces. Key focus areas • Authentication issues: confirm sign-in, session handling and privilege escalation vectors are fully locked down. • Data leakage: verify that Firestore, Cloud Storage buckets and any API endpoints are not exposing sensitive information through misconfigurations or improper access rules. • Injection attacks: test for SQL-like or NoSQL injection, as well as any injection vectors in Cloud Functions or...

My dedicated server has suddenly gone offline and WHM now returns a “Server not found” error. I have not tried any troubleshooting yet and, crucially, I do not have backups, so every cPanel account currently hosted must remain intact. I need an experienced systems administrator who can: • Diagnose why WHM is unreachable (network, DNS, service failure, firewall, corrupted files, etc.) • Bring the server back online quickly and verify WHM loads normally • Ensure all existing cPanel accounts, site data, and email remain untouched and fully functional after the fix A rapid response is essential. Please outline how soon you can start, the steps you would take to safeguard data, and any similar recoveries you have handled.

I want someone to be able to go through our website and fix bugs and ensure it works correctly. This is a platform we use to store cars in our yard - we dont take payment on the website only through an eftpos machine and manually add it in at this stage - later down the track we will improve it to give customers an option to go online to book a spot. But in the meantime i need the site to be secure and any bugs to be fixed

My newsletters keep ending up in Gmail’s promotions or spam sections, even though I have Cloudflare managing my DNS and Valimail for authentication. I need a specialist who can review and correct every setting that affects sender reputation so the bulk of my sends land squarely in the primary inbox. Here’s where things stand: • DNS for the domain is routed through Cloudflare. • Valimail is already connected, but I’m not confident SPF, DKIM, DMARC, and BIMI are passing exactly as Gmail expects. • All traffic is newsletter-style content, and deliverability problems happen frequently. What I expect from you: 1. Audit the existing DNS records in Cloudflare and my Valimail dashboard. 2. Generate and publish any missing or sub-optimal SPF, DKIM, DMARC, or...

Urgent web developer needed! I previously hired a freelancer to build me a site, but it was very buggy. So I had someone else take a look, and they told me my keys are public and they used AI coding and very bad too. I cancel the keys. But need fix asap! Must be USA and have experience, no agency. If you're not a bot, tell me what the third planet is.

I need a complete e-commerce platform that also lets customers reserve services or time slots through an online booking module. The core build should include a smooth catalogue experience with advanced product search and filtering, plus a discount / coupon system that I can manage from the back end. Preferred tech stack is flexible, but whatever you choose must support the following local payment options straight out of the checkout flow: • whish money • Omt pay • suyoul • direct bank transfer If an off-the-shelf gateway SDK is unavailable for any of these, custom API work will be required, so please confirm you are comfortable creating and securing bespoke integrations. Key deliverables: 1. Responsive storefront with product and service booking capabilit...

My Linux server was compromised and every file was renamed with the “Sorry-ID” extension. No usable backups exist, but I still have full root access through SSH and the hosting console. I need an experienced security-focused sysadmin (or incident-response specialist) who can: • Attempt decryption or data-recovery of the affected files (STOP/DJVU or any other relevant toolkit) Acceptance is straightforward: no active malicious processes remain, the decrypted or otherwise restored files are accessible in their original names and paths, and I receive the post-mortem report plus a brief checklist of security improvements applied. You will have full root credentials, console screenshots if needed, and immediate access to system logs. I’m ready to start as soon as yo...

I am looking for a highly experienced Linux server and data recovery expert. This is NOT a standard WordPress task. Background: My server was hit by a possible ransomware/malware incident. Both the live data and backup storage were affected. What has been done so far: - Files were recovered using PhotoRec - Many files (.zip, .sql, images) were extracted - HOWEVER: most recovered files appear encrypted or corrupted - Two freelancers already attempted recovery without success Current situation: - Recovered files exist but are unusable - File names are lost (PhotoRec output) - Content appears encrypted, partially overwritten, or damaged - Need deep analysis to determine if recovery is still possible I need to recover 15 specific websites if not all

Scope of Work * Perform security assessment of web application (Python/Django) and APIs * Test authentication, authorization (RBAC), and session management * Identify vulnerabilities (e.g., SQLi, XSS, command injection, API abuse) * Assess Linux and Windows endpoint agents for: * Privilege escalation risks * Service configuration and permissions * Secure communication (TLS) * Evaluate on-prem server security: * Open ports/services * OS hardening * User access and permissions * Conduct network security testing: * Data in transit (encryption) * Internal communication paths * Review installation and deployment process: * RPM/package security * Configurations and secrets handling ⸻ Deliverables * Detailed security report with severity ratings * Proof ...

My site was taken offline by my UK host after it started broadcasting attacks. I need the infection completely removed and the core CMS, plugins, themes and server-side code cleaned so the host will re-enable the account. Once the immediate threat is gone, I also want regular security updates and monitoring so I am not caught out again. If you can set up automated scans, timely patching and a simple monthly report, that would be ideal. I do not yet have any formal compliance obligations, but please build the solution so it can be tightened later should specific requirements arise. Key outcomes I expect: • All malware, backdoors and suspicious files eradicated • Clear documentation of what was found and fixed • Hardening of WordPress, server configs and user credenti...

"नमस्ते प्रतिभा, मेरे पास 'अग्नि परीक्षा' नाम के एक Web-App प्रोजेक्ट के लिए विस्तृत रिक्वायरमेंट है। कृपया नीचे दी गई डिटेल्स देखें और बताएं कि क्या आप इस पर काम कर सकती हैं और आपका अनुमानित बजट और समय क्या होगा?" प्रोजेक्ट का नाम: अग्नि परीक्षा (Agni Pariksha) - Web-App ​प्रोजेक्ट विज़न: एक हाई-परफॉर्मेंस मोबाइल वेब-ऐप (PWA) जहाँ छात्र ₹99 में ई-बुक खरीद सकें, तुरंत डिजिटल बिल प्राप्त करें और ई-बुक आधारित "मेरिट स्कॉलरशिप परीक्षा" में भाग लेकर ₹5,00,000 तक की स्कॉलरशिप जीत सकें। ​1. यूज़र मॉड्यूल (User Experience - Frontend) ​OTP लॉगिन: केवल मोबाइल नंबर और OTP से लॉगिन। Device Binding फीचर अनिवार्य है (एक अकाउंट एक समय में एक ही मोबाइल पर चलेगा)। ​ई-बुक स्टोर और पेमेंट: ₹99 की ई-बुक खरीदने के लिए सरल इंटरफेस। Razorpay/PhonePe का सीधा UPI इंटीग्रेशन। ​ऑटो-बिलि...

**Title:** Build a Premium Web Platform for Offshore Company Formation (Kenya-Focused, Similar to Doola) --- **Project Overview** I am looking for an experienced full-stack developer (or small team) to build a **secure, high-end web platform** for company formation and structuring services. The platform will be inspired by services such as Doola, but tailored specifically for **clients in Kenya and East Africa** who want to incorporate companies in offshore jurisdictions (primarily the British Virgin Islands). This is **not a basic website**. It is a **guided platform with logic, dashboards, and compliance workflows**. --- **Core Objective** To build a platform that: * Guides users through a structured questionnaire * Assesses suitability for offshore (BVI) structures * Filters us...

My site’s homepage was recently compromised and now contains suspicious or malicious scripts that were never there before. I need someone who can quickly pinpoint every snippet of injected code, remove it without breaking the existing design or functionality, and harden the site so the problem doesn’t return. What I expect from you: • A thorough scan of all homepage files (core code, theme/template, plugins, databases, external calls) to locate the malicious scripts. • Safe removal or replacement of the infected code, followed by visual and functional testing to confirm everything renders exactly as it should. • A concise report detailing what you found, what you removed, and any vulnerabilities you discovered. • Post-cleanup hardening: update permi...

I need a compact Java-based login module that authenticates users with the classic Username + Password combination and blocks automated attempts through a Captcha challenge. End–users will never self-register; instead, an admin interface (it can be a simple CLI menu or a lightweight GUI panel) must let me create, edit, deactivate and delete accounts. Core requirements • Cleanly structured Java code that I can compile and run on any recent JDK. • Captcha check appears after the username-password fields and is verified before access is granted. • Admin-only user management; no public sign-up flow. • Passwords stored securely (hashed with salt). • On successful login the system just prints or routes to a placeholder “dashboard” screen&mdas...

My Magento store on cyberpanel has been hacked and is now completely down. I need someone who can jump in immediately, bring the site back online, and make sure this doesn’t happen again. Here’s what I expect: • Run a full security scan to pinpoint every infection or vulnerability. • Perform thorough malware removal so the storefront is 100 % clean. • Carry out a code audit to find and patch any backdoors or weak spots. • Harden the installation for future attacks—updates, patches, and any other preventative measures you recommend. Please document the steps you take, supply a summary report of issues found and fixed, and confirm the site is loading normally before hand-off. Experience with Magento on cyberpanel, SSH access, and common security ...

Discord Server Setup & Configuration – Day Trading Community Project Overview We're looking for an experienced Discord server builder to help us set up, secure, and fully configure our day trading / IVFG trading community server. We currently have around 67 members and are actively looking to grow. This is a build/setup project, not an ongoing staffing role — we want someone to come in, do it right, and leave us with a clean, professional, fully operational server we can run ourselves. What We Need Done Security & Moderation Full server security setup — protection against raids, griefing, and unauthorized access Link-filtering so members cannot post unsolicited or harmful links Anti-spam and anti-bot protection Role-based permission structure so we have full...

I need my live store upgraded from Prestashop 1.7.8.6 to the latest 9.x latest release without losing a single feature, record, or customization. I rely on a mix of core and third-party modules, custom tweaks, and theme edits that all must keep working exactly as they do now—payment, shipping, catalog, orders, customer accounts, everything. Scope of work • Create a safe staging copy of the site and database. • Perform the version jump to 9.1, handling all backward-compatibility changes. • Update or replace every installed module and theme so they remain fully functional. • Migrate and verify all data: products, customers, orders, SEO URLs, multistore settings (if present), translations. • Thoroughly test front office and back office to confirm that c...

My WordPress site has slowed to a crawl after what the host says is a live attack, so I want to get it behind Cloudflare as soon as possible. I don’t have a Cloudflare account yet, so I’ll need you to create one for me, add the domain, update the DNS records, and point the nameservers correctly. Once the site is active on Cloudflare, I also need the key security features configured—DDoS protection, Web Application Firewall rules, rate limiting, “Under Attack” mode, and any page‐rule tweaks that will harden the installation while keeping legitimate users happy. Please handle SSL/TLS so the padlock stays green without mixed-content warnings, and confirm that automatic backups are not interrupted. If there are quick wins on the performance side (e.g., enabl...

I need help with updating DNS settings and removing malware from my website. My site is currently blocked by security on WiFi and needs to be unblocked on search engines and browsers. Key Tasks: - Update DNS settings for website - Identify and remove malware or security threats - Ensure compliance with terms of service to prevent future blockages Ideal Skills and Experience: - Experience with DNS settings - Strong knowledge of website security and malware removal - Familiarity with search engine and browser unblocking processes - Ability to ensure compliance with web service terms of service

I need an SEO specialist to tackle a technical issue that’s hurting my site’s visibility: broken links. What I’m after • Crawl the entire website, identify every 404 or redirect loop, and map out their sources. • Fix or properly redirect each broken link so users and search-engine bots can navigate without hitting dead ends. • Deliver a concise report that lists: pages scanned, links repaired, and any URLs you redirected, plus before-and-after crawl error counts. Why this matters SEO is my main marketing focus, and technical soundness is the foundation. Once the links are fixed, I’ll be in a stronger position to explore other optimizations, so accuracy here is critical. Tools & access Use whichever crawler or audit tool you prefer&m...

@At this time, I am only considering developers from specific regions, excluding India and Pakistan., DON'T BID@ @DON'T USE AUTO BID@ I need a full-featured online billiards game that runs smoothly on the web, iOS/Android, and desktop. The core experience must be real-time multiplayer: players should be able to enter a lobby, match up instantly, and play with no perceptible lag. Accurate physics, intuitive cue controls, and a polished UI are essential; I want the game to feel as natural on a phone screen as it does in a browser or a PC window. Matchmaking, private room creation, and basic social features (chat, friend invites, simple rankings) have to be baked in from the start. If you work with Photon, WebSockets, Node.js, or similar networking layers, let me know—low-la...

I am looking for a developer to help optimize and maintain a web system for image processing and text analysis. The project uses a Node.js backend for core logic and a Python-based serverless architecture for heavy analysis. Technical Stack: Server-side: Node.js (Express). Database: MongoDB. OCR/Analysis Engine: Python 3.x running on AWS Lambda. Frontend: React (Vite environment). Cloud & DevOps: AWS CLI, S3, Lambda Function URLs. Key Responsibilities: Backend Integration: Connect the Node.js server with Python Lambda functions for seamless data flow. Database Management: Handle data persistence and retrieval using MongoDB. Lambda Deployment: Update and deploy Python scripts (.py) to AWS Lambda using ZIP packages and AWS CLI. RTL Support: Ensure Hebrew text (UTF-8) is proces...

Saya mengalami masalah teknis setiap kali mencoba mengirim penawaran untuk proyek lepas di platform ini. Penawaran tidak pernah terkirim atau berhenti di tengah proses, padahal koneksi internet stabil dan dokumen sudah sesuai format. Yang saya butuhkan: 1. Identifikasi akar masalah pengiriman penawaran—apakah di sisi akun, pengaturan browser, cache, atau konfigurasi lain. 2. Panduan langkah-demi-langkah agar proses submit penawaran kembali normal, lengkap dengan tangkapan layar atau video singkat bila perlu. 3. Uji coba bersama: setelah perbaikan, kita kirim satu penawaran contoh untuk memastikan benar-benar berhasil. 4. Ringkasan tertulis berisi apa saja yang diubah, solusi permanen, dan tips pencegahan untuk kasus serupa. Saya siap memberi akses terbatas ke akun (melalui sesi scr...

Mi sitio en WordPress quedó obsoleto y ha empezado a fallar. Necesito que lo revises a fondo y lo dejes funcionando con la última versión estable. Lo que debe hacerse • Actualizar la versión de WordPress, el tema activo y todos los plugins instalados, garantizando compatibilidad entre ellos. • Corregir los errores que aparecen en algunas páginas y las fallas actuales de varios plugins. • Verificar que la apariencia y la funcionalidad original del sitio se mantengan tras la actualización. • Realizar pruebas finales de carga y navegación para confirmar que todo funciona de forma fluida. Puntos a considerar • Dispongo de una copia de seguridad reciente; puedo facilitar acceso a ella y al hosting. • Agrade...

He realizado cambios tanto en el front-end como en el back-end de mi sitio y necesito una auditoría de seguridad exhaustiva que confirme si las modificaciones dejaron puertas abiertas. Mi prioridad es detectar cualquier forma de inyección que permita alterar la web, en especial: inyección SQL, Cross-Site Scripting (XSS) y Cross-Site Request Forgery (CSRF). Busco a alguien que: • Revise código y configuración en ambos entornos (cliente y servidor). • Ejecute pruebas de penetración orientadas a las vulnerabilidades mencionadas y a otras relacionadas. • Entregue un informe claro con los hallazgos, su criticidad y recomendaciones prácticas de mitigación. Si ya has auditado sitios con cambios recientes y puedes dem...