Web Security Jobs

I hold written authorization from the system owner and need an experienced ethical-hacking professional to carry out a controlled breach of our production environment. The assignment goes beyond a traditional penetration test: I want you to replicate a real-world, end-to-end intrusion scenario so we can measure how our monitoring, logging and incident-response teams react under pressure. Scope • Obtain initial access using any non-destructive vector you discover (phishing simulation, misconfigurations, credential weakness, etc.). • Laterally move, escalate privileges and demonstrate data access without altering or deleting information. • Leave tamper-proof evidence (flags) in pre-agreed directories so we can verify compromise. • Conclude with a thorough report that det...

My provider has suspended my Ubuntu VPS after flagging a hack on the web-server layer (Apache/Nginx, exact stack is in the incident report I will share once we start). At the moment I have zero hardening in place—no firewall rules, no SSL, nothing—so the attacker clearly found an easy way in. I do have a recent full backup, so you can work safely and roll back if needed. Your mission is to identify the entry point, remove any malicious code or files, close the vulnerability, and leave the server in a state that convinces the host to lift the ban. You are welcome to use tools such as fail2ban, UFW/iptables, ClamAV, rkhunter, ModSecurity, or any other utilities you normally rely on. Deliverables • Clean, uncompromised web root and services reinstated • Detailed ...

I’m dealing with unreliable email delivery—some messages never leave the outbox, others vanish on the way in, and a few land straight in spam. I need someone who can quickly trace the root cause and put my account back on solid footing. The domain sits on cPanel and I have full DNS control, so editing SPF, DKIM, or DMARC records is no problem if that proves to be the culprit. Should the fault lie within the mail client, SMTP settings, or server throttling, please adjust those as well and show me exactly what you changed so I can keep the setup healthy in the future. Deliverables • Clear diagnosis explaining the issue and its origin • All configuration fixes applied (DNS, SMTP, or client-side) • Proof of successful send-and-receive tests with no messages f...

I need Cloudflare configured so my site automatically blocks malicious or nuisance traffic rather than legitimate visitors. The immediate headache is spam-driven form submissions and crawlers hammering the same pages hundreds of times a minute, so the goal is to stop those two behaviours without slowing genuine users. I already have a Cloudflare account in place; what I’m missing are the right firewall rules, bot management settings, and rate-limiting thresholds. You’ll review my current WAF/Bot Management setup, identify the loopholes that allow automated form posts and excessive page requests, then implement Cloudflare features such as Bot Fight Mode, custom WAF rules, Challenge or Turnstile for forms, and sensible request limits. Deliverables • Documented list of ...

My CodeIgniter website has been running unchanged for years, yet since yesterday every attempt to sign in is rejected with the “Incorrect username/password” message—even for known-good accounts. I’m not sure whether anything on the server was updated, but I do have full cPanel, SSH, and MySQL access so you can inspect code, configuration files, and logs. Here’s what I need from you: • Identify the exact cause of the failed authentication. • Implement a clean, well-commented fix that restores normal login behaviour without breaking anything else. • Provide a brief report outlining what went wrong and what you changed. The stack is classic PHP, MySQL, and CodeIgniter. Once I confirm that users can log in again, I’ll close the job imm...

I’m looking for a skilled WordPress developer who can take my idea from a blank page to a fully functioning, responsive website. The domain and hosting are ready; everything that happens between first install and launch is where I need your expertise. Here’s what I have in mind so far: • A clean, modern layout that looks great on mobile and desktop • Intuitive navigation with clear calls-to-action • Solid foundation for SEO, speed, and security (caching, image optimisation, SSL) Beyond that, I’m open to your suggestions on themes, plugins, and any best-practice integrations (contact forms, social media hooks, email capture, analytics, etc.). Process wise, I’d like to: 1. Brief you on my content goals and brand style. 2. Review two or...

Project Description I am looking for an experienced developer who can implement a solution to send POST API requests directly from an active browser session, maintaining full session integrity and security context. The requirement is to replicate browser network requests exactly as they occur in DevTools — including all dynamic headers, cookies, tokens, and Akamai-related security parameters — without triggering bot protection or security blocks. Core Requirements: API request must originate from the same opened browser session Must reuse: All request headers Session cookies CSRF tokens Authorization tokens Dynamic security tokens Akamai-related parameters Must work with protected endpoints (Akamai / Bot Manager enabled) Should avoid 403, 401, 504, or security validation fail...

I need an expert who can review the current implementation and make sure the widget is working Your task will be to audit the existing code and adjust the way to make it work

I am seeking an expert WordPress plugin developer to build a professional-grade, cross-browser cookie cleaner that gives administrators granular control over which specific cookies are deleted when users log out. This is not a simple "delete everything" plugin—existing solutions fail because they either rely exclusively on the Clear-Site-Data header (which does not work on Safari, iOS browsers, or Edge Legacy), or they lack a proper admin interface for selective deletion, or they cannot handle HttpOnly cookies (like WordPress authentication cookies) which JavaScript cannot touch. I need a four-layer hybrid solution that: (1) sends the Clear-Site-Data header only to supporting browsers (Chrome, Firefox, Edge Chromium), (2) performs server-side PHP deletion of HttpOnly cookie...

Hello, i want to hire someone to do 3 tasks 1) migration 100% clone from one place to another 2) small issue need to fix 3) small fix Budget 1000 INR , I want somone to start now and finish in 2 - 3 hrs Regard

I’m ready to bring in a security specialist to run a thorough, manual penetration test on my live e-commerce application. Automated scanners aren’t enough for this engagement—I need human-driven testing that uncovers real-world attack paths. Here’s what I’m looking for: • A full manual assessment covering all SQL Injection, Cross-site Scripting (XSS) and Cross-site Request Forgery (CSRF),Web Application Penetration Testing , Network Penetration Testing Services External or Internal, Web Services Testing, API Testing • Exploitation-level proof of concept for every confirmed issue, with clear, reproducible steps. • A concise risk-ranked report that separates critical, high, medium and low findings, followed by practical remediation advice writ...

I have a WordPress website that I am trying to advertise on Google Ads, but Google finds it as a Compromised Site. I have hired a develop over here and over a month already and he wasn't able to fix it. I hope I finally find someone who can fix it.

I need help with my Samsung S23FE, which is plagued by 7 viruses, requests to update or install new apps and stop advertisers like Temu with others constantly appearing. Key tasks: - Prioritize virus removal - Clear memory of unwanted data maintaining photos contacts emails messages financials etc. - Uninstall and remove unnessary and duplicated apps, Ideal skills and experience: - Experience with Samsung devices - Proficiency in virus removal and mobile optimization - Knowledge of Android security and antivirus software Looking for a reliable freelancer who can ensure my phone is secure and running smoothly.

Hi i have 2 exiwsting website that need the ssl ceritifcate updated. very simple job Once these points are confirmed, the job is complete and payment is released.

My single-domain server on Virtualmin is about to lose its SSL and I can’t switch to any outside certificate provider, so I need a fresh Let’s Encrypt SSL generated and installed right away. I’d like you to: • Trigger a clean Let’s Encrypt renewal inside Virtualmin • Apply the new certificate to both the domain and Webmin/Usermin services so every port stays secure • Verify that the site, mail, and control panel all load without browser warnings You’ll have /Virtualmin access via Anydesk ONLY. Once you finish, I want to see the green padlock in every major browser and the certificate details reflecting the new expiry date. I’m ready to move immediately—please let me know how quickly you can jump in. $20 is the MAX budget.

We are looking for an experienced DNS and domain reputation specialist to help resolve an ongoing production issue affecting users on certain mobile networks (specifically T-Mobile). The specific error users see is: DNS_PROBE_FINISHED_NXDOMAIN Our platform is hosted on AWS (Route 53 + ALB / CloudFront). DNS is correctly configured and resolves properly on most networks (Google DNS, Quad9, etc.). Our domain reputation has already been reviewed and corrected by major security providers. However, users on T-Mobile are still experiencing DNS-based blocking or resolution issues. This appears to be related to carrier-level DNS filtering or residual reputation/security classification behavior — not core infrastructure misconfiguration. ⸻ Scope of Work • Diagnose carrier-level DNS...

We would like to find someone who is capable of making a ticket buying bot, to PREVENT tickets from being bought from. This is a protection and defensive upwork post. We are looking to block vulnerabilities in the website. Thank you, J

I'm looking for an expert to optimize the performance of my web application. Key focus areas include: - Application performance enhancement - Resolving specific performance issues (to be discussed) Ideal skills and experience: - Proven track record in web app performance optimization - Expertise in identifying and resolving slow loading times, high memory usage, and crashes - Strong knowledge of web technologies and optimization tools - Ability to analyze and improve application performance metrics Please provide relevant experience and approach in your bids.

I’m launching an online store and need a developer who can take the project from blank domain to a fully operational e-commerce site. The single non-negotiable requirement is a rock-solid payment gateway integration that handles multiple cards securely and passes PCI compliance checks. I’m open on platform—Shopify, WooCommerce, Magento, or any other stack you’re comfortable with—as long as the final build is stable, fast, and easy for me to manage after hand-off. Product search, filters, and customer reviews may be added in later phases, but they aren’t part of this initial scope. Deliverables • Responsive storefront with sample product catalog • Payment gateway set up, tested end-to-end in both sandbox and live modes • Admin das...

I’ve built a custom web application and it’s almost ready for production. Before the public rollout, I want a rigorous penetration test that will expose any weakness and help tighten every layer of security. The assessment must be hands-on and realistic, covering the full stack rather than a purely theoretical review. Scope My priorities are clear: • Code review – comb through the source for injection points, authentication flaws, insecure dependencies, and logic errors. • Network-level probing – map open ports, misconfigured firewalls, and potential lateral-movement paths. • Server configuration – evaluate patch levels, TLS setup, permissions, and hardening of the underlying OS and web server. Primary Goal The sole purpose is to imp...

Cloud Security Specialist – Immediate Infrastructure Hardening (Short Term) Project Overview Duration: 3 to 5 days Location: Remote Start: Immediate A healthcare technology platform requires a Cloud Security Specialist to implement quick security improvements identified in a recent penetration assessment. This is a focused, short-term assignment aimed at reducing immediate attack surface exposure at the infrastructure layer. Scope of Work All listed tasks must be completed. 1. Server Version Disclosure Prevention Remove server and framework version information from HTTP responses. Responsibilities Configure AWS Application Load Balancer to remove server headers Update CloudFront response headers policy Disable X Powered By headers in Customize error responses to prevent ve...

Cloud Security Specialist – Immediate Infrastructure Hardening (Short Term) Project Overview Duration: 3 to 5 days Location: Remote Start: Immediate A healthcare technology platform requires a Cloud Security Specialist to implement quick security improvements identified in a recent penetration assessment. This is a focused, short-term assignment aimed at reducing immediate attack surface exposure at the infrastructure layer. Scope of Work All listed tasks must be completed. 1. Server Version Disclosure Prevention Remove server and framework version information from HTTP responses. Responsibilities Configure AWS Application Load Balancer to remove server headers Update CloudFront response headers policy Disable X Powered By headers in Customize error responses to prevent ve...

We are seeking a reliable IT team to support our medical centre with comprehensive, end-to-end IT services. This would include setting up, managing, maintaining, and regularly updating all aspects of our IT infrastructure, including networks, servers (on-site and / or cloud-based), workstations, computers, printers, and all connectivity systems. We require ongoing management of firewalls, cybersecurity protections, antivirus and anti-malware systems, data encryption, secure remote access, backups and disaster recovery solutions, and proactive monitoring to prevent downtime. Support would also cover software installation and updates (including clinical and practice management systems - Best Practice), email systems, cloud services, data storage, compliance with healthcare data protection re...

We are seeking a reliable IT team to support our medical centre with comprehensive, end-to-end IT services. This would include setting up, managing, maintaining, and regularly updating all aspects of our IT infrastructure, including networks, servers (on-site and / or cloud-based), workstations, computers, printers, and all connectivity systems. We require ongoing management of firewalls, cybersecurity protections, antivirus and anti-malware systems, data encryption, secure remote access, backups and disaster recovery solutions, and proactive monitoring to prevent downtime. Support would also cover software installation and updates (including clinical and practice management systems - Best Practice), email systems, cloud services, data storage, compliance with healthcare data protection re...

is seeking an experienced web application security specialist to address specific vulnerabilities identified in our recent penetration testing assessment. As a healthcare technology company specializing in innovative oral health monitoring solutions, we prioritize robust security standards and regulatory compliance. This is a focused, short-term engagement to remediate six specific security findings in our web application infrastructure. We need an independent contractor who can take full ownership of implementing these security fixes efficiently and professionally. Scope of Work - Specific Vulnerability Remediations Based on our completed Web Penetration Testing assessment, you will address the following security findings: 1.-n/a 2. Server Version Disclosure Prevention • Task Ty...

is seeking an experienced web application security specialist to address specific vulnerabilities identified in our recent penetration testing assessment. As a healthcare technology company specializing in innovative oral health monitoring solutions, we prioritize robust security standards and regulatory compliance. This is a focused, short-term engagement to remediate six specific security findings in our web application infrastructure. We need an independent contractor who can take full ownership of implementing these security fixes efficiently and professionally. Scope of Work - Specific Vulnerability Remediations Based on our completed Web Penetration Testing assessment, you will address the following security findings: 1.-n/a 2. Server Version Disclosure Prevention • Task Ty...

After installation the wordpress site and theme works not good. It endless loading and timeout after adding one picture. Check server settings, theme and installation, memory space etc. and fix the issue

I operate two offices and I purchased two UniFi UDM Pro, and I want them linked so that staff can reach internal resources from either location as if they were on the same LAN or to work remotely (VPN access). Nothing is in place yet, so the full security stack must be designed and deployed from scratch. Scope of work • Build and test a site-to-site VPN between the two UDM Pros for seamless remote access. • Create granular firewall rules that allow only the traffic we specify while blocking everything else. • Enable and tune UniFi’s intrusion-detection/prevention features to catch unwanted activity without flooding us with false alarms. • Document every setting—screenshots or exported configs—so I can replicate or restore the setup if needed. ...

I need a Godaddy-issued SSL certificate installed and fully configured on my Windows Server 2019 VPS that is also hosted with Godaddy. The certificate has already been purchased; what’s left is generating the CSR (if you prefer, I can supply one), importing the returned certs, installing the intermediate chain, and binding everything to the correct IIS site so the domain loads only over HTTPS. Once the certificate is in place, please force-redirect all HTTP traffic to HTTPS, check for mixed-content warnings, and run an SSL Labs test to confirm an “A” rating or better. Deliverables • CSR generation (or validation of my existing CSR) • SSL certificate and chain correctly installed in IIS • HTTP-to-HTTPS redirect enabled and verified • Final rep...

I'd need to create a social network with , I'd need hardening plus ensuring the platform will be deployable and production-ready

My network edge relies on a Sophos XG appliance and a Fortinet FortiGate unit. Both devices are in production, but their current configuration is a mix of legacy rules and quick fixes that now interfere with performance and security. I want a seasoned firewall engineer to step in, examine every setting, correct what is wrong, and design a clean, least-privilege rule base. Scope of work • Configuration – back up the existing setups, remove or refine redundant rules, and align all interfaces, NAT, VPN, IPS and logging options with best-practice guidelines for Sophos SFOS and FortiOS. • Troubleshooting – identify and eliminate the intermittent drops we see on site-to-site VPN and outbound web traffic. Validation must include live traffic tests and log review. &bul...

I run a Canadian real-estate search engine that must stay lightning-fast for genuine home-hunters while remaining fully crawlable by Google, Bing and other reputable AI/search bots. Right now Cloudflare shows ±100 k daily hits from malicious, spam and scraper bots; that traffic spikes the servers, ruins bounce-rate metrics and occasionally knocks the site offline. I have already: • Placed the site on Cloudflare, • Allowed full, captcha-free access for visitors inside Canada, • Forced most other countries through a captcha, • Experimented with firewall rules, IP and UA blocking. Unfortunately, Google’s crawler activity drops whenever the shield becomes too strict, so I’m looking for an expert who can strike the sweet spot: block malicious...

I am looking for an experienced Instagram account recovery specialist to help me regain access to my business Instagram account. I currently cannot log in to my account through any method: Password reset is not working Facebook login is not working Instagram recovery page shows “No account found” However, the username and account are still visible when checked from another Instagram account Additional details: This is a business account I still have access to the original email and phone number The issue happened suddenly, likely due to hacking or unauthorized changes What I need: Proper recovery through Instagram / Meta official support Assistance with hacked account appeal and verification No fake tools or scams — only legitimate recovery methods Requireme...

My QRadar deployment needs a sharper eye on phishing. I want a set of custom Alert and Correlation rules that reliably pick up everything from the first suspicious e-mail event to follow-up user activity that hints the attack is moving forward. Scope • Build correlation logic that ties together indicators such as mail-gateway detections, odd mailbox rules, risky web clicks, and any subsequent authentication anomalies. • Create alert rules that trigger actionable offenses the moment a phishing pattern emerges. The rules must fit neatly into existing QRadar best practices: use building blocks where appropriate, keep AQL searches efficient, and document each rule so another analyst can tune or extend it later. Acceptance A rule set that fires during lab replay of know...

TOR — Causeway Finance Website + Resource Library (Production-Ready, Admin + CI/CD) Deadline: 17 Feb 2026, 18:00 Cairo (UTC+2) Production domains: + Staging: (or equivalent) Inputs (authoritative) Version A: Version B: What I provide Full Drive package access (code + materials) AWS IAM access (scoped/least-privilege) for deployment/setup Project Title: Causeway Finance Website + Resource Library + Admin System (EN/AR) + AWS CI/CD Final Deadline: 17 Feb 2026, 18:00 Cairo (UTC+2) Project Type: Fixed-Price, Strict Milestone-Based 1. Project Overview & Objective We are seeking a top-tier full-stack developer to build and deploy a production-ready, bilingual (EN/AR) website and a comprehensive admin control panel for Causeway Group. The target audience is banks and financial in...

I need a thorough, methodical security assessment of my production-ready web application. The goal is to expose any weaknesses before launch, demonstrate real-world exploitability, and give me a clear, prioritized plan for remediation. Scope • Full application security testing: authentication, authorization logic, input validation, business-logic flows, session management, server configuration, and third-party integrations. • Black-box techniques are fine, but I can supply test credentials for deeper analysis if that helps you reach code paths hidden behind login. • Industry-standard tooling such as Burp Suite, OWASP ZAP, Nikto, or your preferred commercial scanner is expected, followed by manual verification so I’m not just getting automated false positives. ...

I’m managing a law-firm website on WordPress and need a Scrum-savvy professional to guide a short, focused sprint that uncovers every problem and closes each one out. At the moment the homepage, service pages, and contact forms are suffering from slow load times, broken links, visible placeholder text, and several security red-flags my host keeps warning me about. Here’s how I’d like us to tackle it: • Kick off with a rapid discovery session, turning existing pain points into a clear, prioritised backlog. • Run one or two time-boxed sprints (your call after the audit) to deliver: – Sub-two-second load times across the affected pages – Fully working links and forms, no placeholder copy left behind – Core Web Vitals in the gree...

Auf meiner WordPress-Seite erscheinen auf dem Frontend ständig 500-Seiten. Im Backend leider der gleiche Fehler. Ich brauche zeitnah Unterstützung, um • die Ursache dieser Frontend-Fehlermeldungen zu identifizieren (Permalink-Struktur, .htaccess, Plugin-Konflikte, Theme-Routing etc.) • alle betroffenen Links wieder erreichbar zu machen und saubere Weiterleitungen einzurichten, wo nötig • anschließend kurz zu testen, ob Beiträge, Seiten und Kategorien korrekt funktionieren und gecacht werden. Bitte bring Erfahrung mit WordPress-Debugging, Permalink-Reparatur und gängigen Tools wie WP-CLI, Query Monitor oder vergleichbaren Plug-ins mit. Ein kurzer Bericht über die gefundene Fehlerquelle und die durchgeführten Schritte reicht m...

Saya membutuhkan solusi lengkap untuk meng-host sesi live streaming penjualan. Fokus utamanya adalah menyiarkan acara secara langsung dengan chat interaktif sehingga penonton dapat bertanya atau memesan produk real-time, sekaligus menyediakan analytics untuk memantau jumlah penonton, durasi tonton, dan konversi. Lingkup kerja utama: • Menyiapkan server atau layanan hosting yang stabil untuk live streaming Full HD. • Mengintegrasikan fitur live chat langsung di halaman pemutar. • Menambahkan modul user analytics yang dapat diekspor ke laporan Excel atau Google Sheets. • Membangun panel admin sederhana untuk menjadwalkan siaran, memulai/ menghentikan streaming, dan mengunggah rekaman untuk replay. • (Opsional) Menghubungkan platform dengan aplikasi kantor po...

Saya membutuhkan solusi lengkap untuk meng-host sesi live streaming penjualan. Fokus utamanya adalah menyiarkan acara secara langsung dengan chat interaktif sehingga penonton dapat bertanya atau memesan produk real-time, sekaligus menyediakan analytics untuk memantau jumlah penonton, durasi tonton, dan konversi. Lingkup kerja utama: • Menyiapkan server atau layanan hosting yang stabil untuk live streaming Full HD. • Mengintegrasikan fitur live chat langsung di halaman pemutar. • Menambahkan modul user analytics yang dapat diekspor ke laporan Excel atau Google Sheets. • Membangun panel admin sederhana untuk menjadwalkan siaran, memulai/ menghentikan streaming, dan mengunggah rekaman untuk replay. • (Opsional) Menghubungkan platform dengan aplikasi kantor po...

Saya membutuhkan sebuah tulisan deskriptif dalam bahasa Indonesia yang menggambarkan makhluk hidup—tepatnya seorang manusia—dengan fokus utama pada emosi dan perasaan. Tujuan saya adalah membawa pembaca seolah-olah berada di dalam kepala tokoh, merasakan getaran hati, riak napas, dan perubahan ekspresi yang terjadi sepanjang situasi yang Anda bangun. Ruang lingkup: • Panjang naskah sekitar 600–800 kata. • Sudut pandang bebas (orang pertama atau ketiga), asalkan konsisten. • Gunakan pancaindra untuk memunculkan detail sensorik: suara denyut jantung, wangi udara, tekstur kulit saat merinding, dan sebagainya. • Hindari daftar sifat; ceritakan lewat aksi kecil—jari yang gemetar, mata yang membasah, senyum setengah tertahan. • Bahasa har...

Saya sedang mempelajari cara kerja sebuah aplikasi berbasis web dan ingin memahami proses autentikasi penggunanya secara menyeluruh. Tolong bantu saya dengan penjelasan yang mudah dipahami namun tetap akurat secara teknis. Ruang lingkup yang saya butuhkan: • Alur login → dari formulir hingga verifikasi di server. • Mekanisme penyimpanan dan pengecekan kata sandi (hashing, salting, dsb.). • Cara pengelolaan sesi atau token (cookie-based, JWT, atau pendekatan lain). • Langkah pengamanan umum untuk mencegah serangan seperti brute force, session hijacking, dan CSRF. Silakan sajikan dalam format ringkas—boleh berupa poin-poin tertata, diagram sederhana, atau kombinasi keduanya—supaya saya bisa langsung memahaminya dan menerapkannya pada proyek ...

O Facebook Sharing Debugger devolve os códigos 418 e 429 para todas as URLs do meu site, impedindo que meus artigos e posts de blog sejam exibidos corretamente ao compartilhar. Os metadados Open Graph já estão configurados, portanto o problema está, muito provavelmente, na forma como o crawler do Facebook chega ao servidor (DNS, firewall, cache, rate-limit ou configuração de headers). Sua missão: • Diagnosticar a causa exata desses retornos 418/429. • Ajustar a configuração necessária — seja no servidor web, proxy/CDN, regras de segurança ou limites de requisição — para que o Facebook consiga acessar qualquer página sem bloqueios. • Validar, no próprio Sh...

Necesito que un/una sysadmin instale y deje funcionando un certificado SSL emitido por Cloudflare en mi servidor. Aún no he especificado si trabajo con Apache, Nginx u otra plataforma, por lo que valoro a alguien que pueda adaptarse a cualquiera de estos entornos y guiarme si hace falta ajustar la configuración. El resultado que espero: • Certificado SSL de Cloudflare correctamente instalado y verificado. • Sitio accesible a través de HTTPS sin advertencias del navegador. • Instrucciones breves de los pasos aplicados para futuras actualizaciones. Dispongo de acceso al panel de Cloudflare y a las credenciales del servidor; si se requiere algo adicional puedo facilitarlo durante el proceso. Busco una solución rápida, limpia y segura, id...